I think I am infected.


  • This topic is locked
17 replies to this topic

#1 cainst

cainst

  • Members
  • 52 posts

Posted 15 July 2014 - 05:12 AM

System is running slow. Browser startup page keeps going to a search screen titled Tuvaro instead of yahoo.com. Malwarebytes suddenly will not run. Malwarebytes services that are set for auto/start are listed as terminated and will not allow a restart. Trend Micro finds nothing in its scans. Eset online found several items (quarantined). Super-Antispyware found several hundred things (all quarantined). Yet, the problems still exist. Please advise.



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 19 July 2014 - 02:35 PM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start, we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may cause more damage than help.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 cainst

cainst
  • Topic Starter

  • Members
  • 52 posts

Posted 20 July 2014 - 12:19 AM

 DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17207
Run by Quovadis at 23:39:40 on 2014-07-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.952 [GMT -5:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = www.google.com
uSearch Page = www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:49364;https=127.0.0.1:49364
uProxyOverride = <-loopback>
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: The Amazon 1Button App for IE: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Quovadis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9A1ED402-49F2-4BF2-B012-FCBE93E5073B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C4436FBC-6167-465A-B27E-914B07C1CED5} : DHCPNameServer = 192.168.1.254
Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - C:\Program Files (x86)\QuickVerse 2010\qvprotwrapper.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll, c:\progra~2\amazon\amazon~1\\amazon~3.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: The Amazon 1Button App for IE: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [EPSON Stylus CX6000 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBIA.EXE /FU "C:\Windows\TEMP\E_SE785.tmp" /EF "HKLM"
x64-Run: [EPSON Stylus CX6000 Series (Copy 4)] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBIA.EXE /FU "C:\Windows\TEMP\E_S457D.tmp" /EF "HKLM"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - <orphaned>
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - 
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2014-2-27 46392]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2014-2-27 77184]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 202752]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-2-27 310952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-28 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-7 91352]
R2 sbmntr;sbmntr;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [2013-12-20 58728]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-15 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-15 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-15 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-21 243232]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-21 384040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2014-3-18 94520]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2014-3-18 210232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SMUpd;Search Module Update;C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service --> C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe  [?]
S3 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]
S3 CorelCreatorMessages;CorelCreatorMessages;C:\Windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-6 48488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-8 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-18 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-21 246376]
S3 SMUpdd;Search Module UpdateD;C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [2014-3-2 41320]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-11-6 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-18 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-16 1255736]
S4 ChromeHelperUpdt;ChromeHelperUpdt;C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [2014-5-8 284960]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-21 321104]
S4 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-10-6 132504]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
S4 Util FindRight;Util FindRight; [x]
.
=============== Created Last 30 ================
.
2014-07-18 16:29:25 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-07-18 16:23:26 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-07-18 16:23:00 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-07-18 16:22:38 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-07-18 16:22:34 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-07-18 16:22:33 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-07-18 16:22:30 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-18 16:19:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-07-18 16:19:52 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-07-18 16:19:22 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-07-18 16:19:21 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-18 06:46:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3BBD5969-1ECC-4246-9F82-33508F3F957B}\offreg.dll
2014-07-18 06:35:59 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3BBD5969-1ECC-4246-9F82-33508F3F957B}\mpengine.dll
2014-07-18 04:49:25 -------- d-----w- C:\Program Files\CCleaner
2014-07-16 01:28:43 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-07-16 01:28:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-07-16 01:28:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-16 00:54:56 -------- d-----w- C:\ProgramData\Licenses
2014-07-16 00:54:37 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-07-14 22:51:50 -------- d-----w- C:\FRST
2014-07-14 00:00:53 -------- d-----w- C:\SUPERDelete
2014-07-13 23:56:40 -------- d-----w- C:\Users\Quovadis\AppData\Roaming\SUPERAntiSpyware.com
2014-07-13 23:55:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-07-13 23:55:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-07-10 12:35:45 -------- d-----w- C:\ProgramData\ChromeHelper
2014-07-09 22:58:15 -------- d-----w- C:\Windows\pss
2014-07-08 11:16:59 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-08 11:14:41 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-08 11:14:40 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-08 11:14:40 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-08 11:14:39 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-08 11:14:39 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-08 11:14:39 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-08 11:14:39 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-08 11:14:38 692736 ----a-w- C:\Windows\System32\osk.exe
2014-07-08 11:14:37 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-08 11:14:37 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-08 11:14:36 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-08 11:09:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-08 11:09:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-08 11:09:00 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-07 23:58:18 79064 ----a-w- C:\Windows\System32\drivers\iqkeo.sys
2014-07-07 19:17:31 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-07 19:10:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-07 19:10:31 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-07 19:10:31 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-07 19:10:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-07 19:10:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 18:16:02 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-03 22:49:22 0 ----a-w- C:\Windows\SysWow64\shoB95.tmp
.
==================== Find3M  ====================
.
2014-07-19 23:28:30 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-07-08 19:54:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:54:03 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-07 22:32:27 238128 ----a-w- C:\Windows\RegBootClean64.exe
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-06 01:20:36 23088 ----a-w- C:\Windows\DCEBoot64.exe
2014-04-28 09:33:58 98040 ----a-w- C:\Windows\SysWow64\Packet.dll
2014-04-28 09:33:58 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll
2014-04-28 09:33:58 370424 ----a-w- C:\Windows\System32\wpcap.dll
2014-04-28 09:33:58 36600 ----a-w- C:\Windows\System32\drivers\npf.sys
2014-04-28 09:33:58 282360 ----a-w- C:\Windows\SysWow64\wpcap.dll
2014-04-28 09:33:58 107768 ----a-w- C:\Windows\System32\Packet.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 23:41:51.42 ===============
 


#4 cainst

cainst
  • Topic Starter

  • Members
  • 52 posts

Posted 20 July 2014 - 12:53 AM

Here are the gmer log and the attach.txt zip file.




#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 21 July 2014 - 02:31 PM

Hey there,

We need to take a deeper look at it.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
  • Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
     
     
     
     
     
Elle


#6 cainst

cainst
  • Topic Starter

  • Members
  • 52 posts

Posted 21 July 2014 - 03:43 PM

Hello Elle

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by Quovadis (administrator) on QUOVADIS-PC on 21-07-2014 15:26:25
    Running from C:\Users\Quovadis\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\ProgramData\HP Photo Creations\Communicator.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM\...\Run: [EPSON Stylus CX6000 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIA.EXE [131072 2006-02-13] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [EPSON Stylus CX6000 Series (Copy 4)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIA.EXE [131072 2006-02-13] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-472526558-1063517572-3556198000-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [155456 2013-12-15] ()
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
    AppInit_DLLs-x32: , c:\progra~2\amazon\amazon~1\\amazon~3.dll => c:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [138048 2013-12-15] ()
    Startup: C:\Users\Quovadis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    ProxyServer: http=127.0.0.1:49364;https=127.0.0.1:49364
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
    BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
    Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} -  No File
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebInf64.dll No File
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - C:\Program Files (x86)\QuickVerse 2010\qvprotwrapper.dll (Findex Inc.)
    Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-07-19]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-02-27]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-07-19]
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.yahoo.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-15]
    CHR Extension: (Search) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-15]
    CHR Extension: (Google Wallet) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
    CHR Extension: (Gmail) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-15]
    CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx [2012-12-15]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Services (Whitelisted) =================
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    S4 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-08] ()
    S3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd) [File not signed]
    S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
    S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
    S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
    S4 Util FindRight;  [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2013-12-20] (YTDownloader)
    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-02] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-21] ()
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
    U2 TMAgent; 
     
    ========================== Drivers MD5 =======================
     
    C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
    C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tmactmon.sys 11BA90E951B9C156F574A112B543269A
    C:\Windows\System32\DRIVERS\tmcomm.sys A7CF9B841956293F20E25E08D53718D6
    C:\Windows\System32\DRIVERS\TMEBC64.sys 9D86A57FB83E39A967CD8D3AAE8A170A
    C:\Windows\System32\DRIVERS\tmeevw.sys 684AEC0A24E2E8F7A6723DA92078BFC1
    C:\Windows\System32\DRIVERS\tmevtmgr.sys 5050F9BC7EC8B1F7E8B7959F5C889486
    C:\Windows\System32\DRIVERS\tmnciesc.sys 0FED34E72250A068BC4E7BA6EA07E7A0
    C:\Windows\System32\DRIVERS\tmtdi.sys 48951FBFFFCAE52FADFCDFB76ED19749
    C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
    C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
    C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
    C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
    C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
    C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
    C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
    C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
    C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
    C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
    C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
    C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
    C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
    C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-07-21 15:26 - 2014-07-21 15:26 - 00040230 _____ () C:\Users\Quovadis\Desktop\FRST.txt
    2014-07-21 15:25 - 2014-07-21 15:24 - 02090496 _____ (Farbar) C:\Users\Quovadis\Desktop\FRST64.exe
    2014-07-21 15:24 - 2014-07-21 15:24 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64 (1).exe
    2014-07-21 14:43 - 2014-07-21 14:43 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64.exe
    2014-07-20 00:12 - 2014-07-20 00:12 - 501918954 _____ () C:\Windows\MEMORY.DMP
    2014-07-20 00:12 - 2014-07-20 00:12 - 00275328 _____ () C:\Windows\Minidump\072014-33665-01.dmp
    2014-07-20 00:12 - 2014-07-20 00:12 - 00000000 ____D () C:\Windows\Minidump
    2014-07-20 00:01 - 2014-07-20 00:01 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach (1).zip
    2014-07-19 23:51 - 2014-07-19 23:51 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach.zip
    2014-07-19 23:49 - 2014-07-19 23:49 - 00005067 _____ () C:\Users\Quovadis\Desktop\attach.zip
    2014-07-19 23:42 - 2014-07-19 23:41 - 00025572 _____ () C:\Users\Quovadis\Desktop\dds.txt
    2014-07-19 23:37 - 2014-07-19 23:37 - 00370943 _____ () C:\Users\Quovadis\Downloads\gmer.zip
    2014-07-19 23:36 - 2014-07-19 23:36 - 00688992 ____R (Swearware) C:\Users\Quovadis\Downloads\dds.com
    2014-07-19 18:43 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-07-19 18:43 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-07-19 18:43 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-07-19 18:43 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2014-07-18 11:29 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-07-18 11:28 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-07-18 11:28 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-07-18 11:28 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-07-18 11:28 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-07-18 11:28 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-07-18 11:28 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-07-18 11:28 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-07-18 11:28 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-07-18 11:28 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-07-18 11:28 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-07-18 11:28 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-07-18 11:28 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-07-18 11:28 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-07-18 11:28 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-07-18 11:28 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-07-18 11:28 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-07-18 11:23 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-07-18 11:22 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-07-18 11:22 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-07-18 11:22 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-07-18 11:19 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-07-18 11:19 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-07-18 11:19 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-07-18 11:19 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-07-17 23:50 - 2014-07-17 23:50 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-17 23:49 - 2014-07-17 23:50 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Quovadis\Documents\ProcAlyzer Dumps
    2014-07-15 20:42 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140715-204248.backup
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-07-15 20:28 - 2014-07-16 02:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-15 20:28 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-15 20:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2014-07-15 19:54 - 2014-07-18 00:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Licenses
    2014-07-15 19:53 - 2014-07-15 19:53 - 04095448 _____ (BrightFort LLC ) C:\Users\Quovadis\Downloads\spywareblastersetup50.exe
    2014-07-15 19:43 - 2014-07-15 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Quovadis\Downloads\spybot-2.4.exe
    2014-07-15 19:40 - 2014-07-15 19:40 - 04812672 _____ (Piriform Ltd) C:\Users\Quovadis\Downloads\ccsetup415.exe
    2014-07-15 04:51 - 2014-07-15 04:51 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Quovadis\Downloads\rkill.exe
    2014-07-15 04:44 - 2014-07-15 04:44 - 03894696 _____ (solvusoft Corporation ) C:\Users\Quovadis\Downloads\Roboot64.exe_Error_Repair_Tool-WinThruster.exe
    2014-07-15 04:38 - 2014-07-15 04:38 - 00000000 ____D () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0
    2014-07-15 04:20 - 2014-07-15 04:20 - 04872677 _____ () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0.zip
    2014-07-15 04:11 - 2014-07-15 04:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-14 22:53 - 2014-07-14 22:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Documents\ced.exe
    2014-07-14 17:51 - 2014-07-21 15:26 - 00000000 ____D () C:\FRST
    2014-07-14 17:48 - 2014-07-14 17:48 - 00010701 _____ () C:\Users\Quovadis\Downloads\fixlist.txt
    2014-07-14 17:43 - 2014-07-14 17:43 - 01348263 _____ () C:\Users\Quovadis\Downloads\AdwCleaner.exe
    2014-07-14 16:46 - 2014-07-14 16:46 - 00007611 _____ () C:\Users\Quovadis\AppData\Local\Resmon.ResmonCfg
    2014-07-13 19:00 - 2014-07-13 19:00 - 00000000 ____D () C:\SUPERDelete
    2014-07-13 18:56 - 2014-07-20 18:56 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job
    2014-07-13 18:56 - 2014-07-19 18:16 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589
    2014-07-13 18:56 - 2014-07-13 18:56 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-13 18:55 - 2014-07-13 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:56 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:55 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-13 18:55 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-13 18:53 - 2014-07-13 18:53 - 20019200 _____ (SUPERAntiSpyware) C:\Users\Quovadis\Downloads\SUPERAntiSpyware.exe
    2014-07-13 13:48 - 2014-07-13 13:48 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu (1).exe
    2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-07-09 17:58 - 2014-07-09 17:58 - 00000000 ____D () C:\Windows\pss
    2014-07-08 06:17 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-08 06:17 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-08 06:17 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-08 06:17 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-08 06:17 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-08 06:17 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-08 06:17 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-08 06:17 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-08 06:17 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-08 06:17 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-08 06:17 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-08 06:17 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-08 06:17 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-08 06:17 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-08 06:17 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-08 06:16 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-08 06:16 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-08 06:16 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-08 06:16 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-08 06:16 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-08 06:16 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-08 06:16 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-08 06:16 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-08 06:16 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-08 06:16 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-08 06:16 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-08 06:16 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-08 06:16 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-08 06:16 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-08 06:16 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-08 06:16 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-08 06:16 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-08 06:16 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-08 06:16 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-08 06:16 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-08 06:16 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-08 06:16 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-08 06:16 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-08 06:16 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-08 06:16 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-08 06:16 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-08 06:16 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-08 06:16 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-08 06:16 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-08 06:16 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-08 06:16 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-08 06:16 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-08 06:16 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-08 06:16 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-08 06:16 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-08 06:16 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-08 06:16 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-08 06:16 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-08 06:16 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-08 06:16 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-08 06:16 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-08 06:16 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-08 06:16 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-08 06:16 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-08 06:16 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-08 06:16 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-08 06:14 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-08 06:14 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-08 06:14 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-08 06:09 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-08 06:09 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-08 06:09 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-07 18:58 - 2014-07-07 18:58 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\iqkeo.sys
    2014-07-07 14:17 - 2014-07-10 06:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-07 14:10 - 2014-07-15 04:12 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-07 14:10 - 2014-07-15 04:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-07 14:10 - 2014-07-15 04:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-07 14:10 - 2014-07-07 14:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-07 14:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-07 14:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-07 14:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-07 14:08 - 2014-07-07 14:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-07 13:52 - 2014-07-07 13:52 - 00326751 _____ () C:\Users\Quovadis\Downloads\MalwareBytes.exe
    2014-07-07 13:16 - 2014-07-07 13:16 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-07 13:13 - 2014-07-07 13:14 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu.exe
    2014-07-03 17:49 - 2014-07-03 17:49 - 00000000 _____ () C:\Windows\SysWOW64\shoB95.tmp
     
    ==================== One Month Modified Files and Folders =======
     
    2014-07-21 15:26 - 2014-07-21 15:26 - 00040230 _____ () C:\Users\Quovadis\Desktop\FRST.txt
    2014-07-21 15:26 - 2014-07-14 17:51 - 00000000 ____D () C:\FRST
    2014-07-21 15:24 - 2014-07-21 15:25 - 02090496 _____ (Farbar) C:\Users\Quovadis\Desktop\FRST64.exe
    2014-07-21 15:24 - 2014-07-21 15:24 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64 (1).exe
    2014-07-21 15:20 - 2014-06-09 19:52 - 00000330 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
    2014-07-21 15:19 - 2012-12-15 12:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-21 14:47 - 2012-12-15 12:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-21 14:43 - 2014-07-21 14:43 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64.exe
    2014-07-21 14:42 - 2010-10-28 21:11 - 01253448 _____ () C:\Windows\WindowsUpdate.log
    2014-07-21 13:12 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-21 13:12 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-21 13:11 - 2009-07-14 00:13 - 00796788 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-21 13:05 - 2013-11-06 17:46 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2014-07-21 13:05 - 2013-11-06 17:46 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
    2014-07-21 13:05 - 2013-11-06 17:46 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
    2014-07-21 13:04 - 2014-02-26 00:07 - 00008105 _____ () C:\Windows\setupact.log
    2014-07-21 13:04 - 2012-12-15 12:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-21 13:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-20 21:15 - 2013-04-16 15:40 - 00000000 ____D () C:\Users\Quovadis\AppData\Local\CrashDumps
    2014-07-20 18:56 - 2014-07-13 18:56 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job
    2014-07-20 09:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-07-20 00:13 - 2014-02-27 01:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-20 00:12 - 2014-07-20 00:12 - 501918954 _____ () C:\Windows\MEMORY.DMP
    2014-07-20 00:12 - 2014-07-20 00:12 - 00275328 _____ () C:\Windows\Minidump\072014-33665-01.dmp
    2014-07-20 00:12 - 2014-07-20 00:12 - 00000000 ____D () C:\Windows\Minidump
    2014-07-20 00:01 - 2014-07-20 00:01 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach (1).zip
    2014-07-19 23:51 - 2014-07-19 23:51 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach.zip
    2014-07-19 23:49 - 2014-07-19 23:49 - 00005067 _____ () C:\Users\Quovadis\Desktop\attach.zip
    2014-07-19 23:41 - 2014-07-19 23:42 - 00025572 _____ () C:\Users\Quovadis\Desktop\dds.txt
    2014-07-19 23:37 - 2014-07-19 23:37 - 00370943 _____ () C:\Users\Quovadis\Downloads\gmer.zip
    2014-07-19 23:36 - 2014-07-19 23:36 - 00688992 ____R (Swearware) C:\Users\Quovadis\Downloads\dds.com
    2014-07-19 18:27 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-07-19 18:24 - 2009-07-13 23:45 - 00650520 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-19 18:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-19 18:16 - 2014-07-13 18:56 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2014-07-18 11:30 - 2014-07-18 11:29 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-07-18 00:46 - 2014-07-15 19:54 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-07-18 00:46 - 2010-10-28 21:27 - 00000000 ____D () C:\ProgramData\Temp
    2014-07-17 23:50 - 2014-07-17 23:50 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-17 23:50 - 2014-07-17 23:49 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-17 21:16 - 2014-02-27 15:49 - 00000485 _____ () C:\Windows\wininit.ini
    2014-07-17 21:16 - 2011-01-17 06:22 - 00000000 ____D () C:\Users\Quovadis
    2014-07-16 02:11 - 2014-07-15 20:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Quovadis\Documents\ProcAlyzer Dumps
    2014-07-15 20:34 - 2014-07-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-07-15 19:54 - 2014-07-15 19:54 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Licenses
    2014-07-15 19:53 - 2014-07-15 19:53 - 04095448 _____ (BrightFort LLC ) C:\Users\Quovadis\Downloads\spywareblastersetup50.exe
    2014-07-15 19:44 - 2014-07-15 19:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Quovadis\Downloads\spybot-2.4.exe
    2014-07-15 19:40 - 2014-07-15 19:40 - 04812672 _____ (Piriform Ltd) C:\Users\Quovadis\Downloads\ccsetup415.exe
    2014-07-15 14:30 - 2014-02-27 02:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job
    2014-07-15 04:51 - 2014-07-15 04:51 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Quovadis\Downloads\rkill.exe
    2014-07-15 04:44 - 2014-07-15 04:44 - 03894696 _____ (solvusoft Corporation ) C:\Users\Quovadis\Downloads\Roboot64.exe_Error_Repair_Tool-WinThruster.exe
    2014-07-15 04:38 - 2014-07-15 04:38 - 00000000 ____D () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0
    2014-07-15 04:20 - 2014-07-15 04:20 - 04872677 _____ () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0.zip
    2014-07-15 04:12 - 2014-07-07 14:10 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-15 04:12 - 2014-07-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-15 04:12 - 2014-07-07 14:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-15 04:11 - 2014-07-15 04:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-14 22:53 - 2014-07-14 22:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Documents\ced.exe
    2014-07-14 22:24 - 2014-03-03 00:02 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
    2014-07-14 17:48 - 2014-07-14 17:48 - 00010701 _____ () C:\Users\Quovadis\Downloads\fixlist.txt
    2014-07-14 17:43 - 2014-07-14 17:43 - 01348263 _____ () C:\Users\Quovadis\Downloads\AdwCleaner.exe
    2014-07-14 16:46 - 2014-07-14 16:46 - 00007611 _____ () C:\Users\Quovadis\AppData\Local\Resmon.ResmonCfg
    2014-07-13 23:27 - 2014-02-27 01:15 - 02462402 _____ () C:\Windows\PFRO.log
    2014-07-13 19:00 - 2014-07-13 19:00 - 00000000 ____D () C:\SUPERDelete
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589
    2014-07-13 18:56 - 2014-07-13 18:56 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-13 18:56 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-13 18:56 - 2014-07-13 18:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:55 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-13 18:55 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-13 18:53 - 2014-07-13 18:53 - 20019200 _____ (SUPERAntiSpyware) C:\Users\Quovadis\Downloads\SUPERAntiSpyware.exe
    2014-07-13 13:48 - 2014-07-13 13:48 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu (1).exe
    2014-07-11 09:25 - 2011-02-04 13:10 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-07-11 06:00 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\HpUpdate
    2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-07-10 06:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-10 06:03 - 2014-07-07 14:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-09 17:58 - 2014-07-09 17:58 - 00000000 ____D () C:\Windows\pss
    2014-07-09 05:19 - 2014-05-06 05:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-09 05:19 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 05:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-09 05:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-09 05:09 - 2013-07-31 17:13 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 05:05 - 2013-03-06 23:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 18:56 - 2014-03-02 23:44 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
    2014-07-08 18:56 - 2014-02-24 05:10 - 00000000 ____D () C:\temp
    2014-07-08 14:54 - 2012-12-15 12:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-08 14:54 - 2012-12-15 12:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-08 14:54 - 2012-12-15 12:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-07 18:58 - 2014-07-07 18:58 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\iqkeo.sys
    2014-07-07 18:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
    2014-07-07 18:56 - 2013-02-27 09:20 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\Systweak
    2014-07-07 18:55 - 2014-02-24 05:20 - 00000000 ____D () C:\Program Files (x86)\Amazon
    2014-07-07 18:50 - 2014-03-05 17:16 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\IDM2
    2014-07-07 18:50 - 2014-02-25 22:21 - 00000000 ____D () C:\Users\Quovadis\AppData\Local\SwvUpdater
    2014-07-07 17:32 - 2014-02-27 03:20 - 00238128 _____ () C:\Windows\RegBootClean64.exe
    2014-07-07 14:10 - 2014-07-07 14:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-07 14:08 - 2014-07-07 14:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-07 13:52 - 2014-07-07 13:52 - 00326751 _____ () C:\Users\Quovadis\Downloads\MalwareBytes.exe
    2014-07-07 13:16 - 2014-07-07 13:16 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-07 13:14 - 2014-07-07 13:13 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu.exe
    2014-07-03 17:49 - 2014-07-03 17:49 - 00000000 _____ () C:\Windows\SysWOW64\shoB95.tmp
    2014-07-03 17:03 - 2011-01-21 06:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-29 21:09 - 2014-07-08 06:17 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-29 21:04 - 2014-07-08 06:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
     
    Some content of TEMP:
    ====================
    C:\Users\Quovadis\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Quovadis\AppData\Local\Temp\ose00000.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== BCD ================================
     
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume2
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {7327245f-e308-11df-aba1-be2243f09926}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
     
    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {73272461-e308-11df-aba1-be2243f09926}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {7327245f-e308-11df-aba1-be2243f09926}
    nx                      OptIn
     
    Windows Boot Loader
    -------------------
    identifier              {73272461-e308-11df-aba1-be2243f09926}
    device                  ramdisk=[C:]\Recovery\73272461-e308-11df-aba1-be2243f09926\Winre.wim,{73272462-e308-11df-aba1-be2243f09926}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\73272461-e308-11df-aba1-be2243f09926\Winre.wim,{73272462-e308-11df-aba1-be2243f09926}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes
     
    Resume from Hibernate
    ---------------------
    identifier              {7327245f-e308-11df-aba1-be2243f09926}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No
     
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume2
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes
     
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes
     
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
     
    RAM Defects
    -----------
    identifier              {badmemory}
     
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}
     
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
     
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
     
    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}
     
    Device options
    --------------
    identifier              {73272462-e308-11df-aba1-be2243f09926}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\73272461-e308-11df-aba1-be2243f09926\boot.sdi
     
     
     
    LastRegBack: 2014-07-18 01:31
     
    ==================== End Of Log ============================
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
    Ran by Quovadis at 2014-07-21 15:27:59
    Running from C:\Users\Quovadis\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: Trend Micro Titanium (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
    AS: Trend Micro Titanium (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     
    ==================== Installed Programs ======================
     
    18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
    Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Amazon 1Button App (x32 Version: 1.0.4 - Amazon) Hidden
    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{21958FA9-A346-4745-E831-98013FA0C203}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
    Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    ccc-utility64 (Version: 2010.0421.657.10561 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
    Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Corel PDF Fusion (HKLM\...\{7D93C785-B8CD-4B29-BBAA-8D28E30A5910}) (Version: 1.11.0000 - Corel Corporation)
    Corel PDF Fusion Add-ins (HKLM-x32\...\{41635206-C6D5-4AEF-BCD6-CEDBC5BDD336}) (Version: 1.11.0 - Corel Corporation)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
    CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
    DriverUpdate (HKLM-x32\...\{65C92136-6AF0-4E70-88D2-D19E739CE285}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    eMedia Piano For Dummies (HKLM-x32\...\{D0D24351-FF92-450e-8143-6D848C6EFAC6}) (Version:  - eMedia Piano For Dummies)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
    EPSON Stylus CX6000 Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
    eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
    Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version:  - )
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)
    Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 3.1.0.10 - WildTangent, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{E43084F2-A74C-47A3-BD6D-AA57FC0A381E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
    IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Creative Writer 2 (HKLM-x32\...\Creative Writer 2) (Version:  - )
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
    MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Muvic Smartbar (HKLM-x32\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION
    Muvic Smartbar Engine (HKCU\...\{9291302a-3718-48fd-bf58-775fa899f464}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION
    MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.71.0 - Symantec Corporation)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
    PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Product Improvement Study for HP ENVY 5530 series (HKLM\...\{3FB74B78-098D-48EF-8CC4-BE6C431C0E16}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    PSPPContent (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    QuickVerse 2010 (HKLM-x32\...\{088F4D39-60DE-4E41-A3FF-A43A541028E6}) (Version: 14.0.1.1 - Findex)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: 1.00.000 - )
    SavErPro (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version:  - SaaverrPro)
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    Search module (HKLM-x32\...\Search module) (Version:  - Search Module)
    Setup (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com)
    Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
    The Print Shop 20 (HKLM-x32\...\{152BF35B-56D7-4652-B519-1661AAC270EE}) (Version: 20.00.0000 - Broderbund Software)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
    Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
    Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Video-Saver (HKLM-x32\...\932c30fc-2d2d-4fda-b0a6-f361cf5eed96) (Version:  - Video-Saver Soft)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.2 - WildTangent)
    Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    WordExtra (HKCU\...\WordExtra) (Version: 1 - http://www.wordextra.com)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader)
    Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
     
    ==================== Restore Points  =========================
     
    15-07-2014 09:56:27 Windows Update
    18-07-2014 16:20:04 Windows Update
    20-07-2014 06:56:57 Windows Update
     
    ==================== Hosts content: ==========================
     
    2009-07-13 21:34 - 2014-07-15 20:42 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
     
    There are 1000 more lines.
     
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {089C109B-7A67-4518-9FED-22845A14B27A} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-01-15] (SlimWare Utilities, Inc.)
    Task: {0B957E77-F4DF-49D5-8CE7-D952BD067715} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    Task: {1B32CC3C-3140-422B-8E5A-ED320EA21628} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {1C71B93B-4DE2-4F41-918D-C8CA981B050F} - System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {1D8FC723-EE71-4BC1-9B73-56D895CAE02F} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-06-09] ()
    Task: {20E30D82-14B0-41B2-BC89-AF72DCDC26DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {211C2CE9-1371-4EFD-9DB8-FE424BA35DDD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {3CECF63E-C845-4CFC-A3CB-57CDA4887E71} - System32\Tasks\VuuPCUpdateLogin => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe
    Task: {3DBD8503-E740-4DFD-8A28-6D6B7229688F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {4BBD77CD-E47C-4FDE-899B-3E78736AC726} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {532BDD13-908B-4A23-A05B-7559FBD978DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {5BC93178-B41A-4B29-AE7B-92707617001A} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
    Task: {5BECF670-E639-4DD2-A4BF-2257F8B336E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {61545CC9-C187-4E51-AB10-3C8A5FD908D1} - System32\Tasks\VuuPCUpdate => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe
    Task: {6E9715B5-F400-42DB-B112-19A5A00FE3B1} - System32\Tasks\SMW_UpdateTask_Time_333133313135303832382d3237575a236c6c3255342a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
    Task: {6F9DA181-0A30-43F4-A620-FA6D732F3AFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {78DCEFE9-1882-4D5C-9BA7-E1585B8E5750} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {79942E3E-44B6-49FF-8533-8DBAC1082EEE} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-04] (AnyProtect by CMI)
    Task: {97A53A95-2C1C-4881-BA7A-53F5619A429F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
    Task: {9ACA3C5B-1077-4273-83A6-557A351BEE58} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
    Task: {B64D43B5-0C5F-4B5D-B79A-1FC9B7701E79} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
    Task: {C09F5353-7E9A-4C8A-B925-9C7BE3C7A850} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {C401C1B6-EF9F-4388-B036-DF885F494509} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {C88A6F43-11C6-4486-8B88-8C9D4336ABE9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {CA8A01B0-E7AA-462D-996D-425252023127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15] (Google Inc.)
    Task: {D4D321DE-C5B3-4211-93F7-F2991D8231DC} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
    Task: {D77665F2-19ED-4559-97A5-BCE66C5269D3} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
    Task: {F8875BEB-C1EA-4523-80CE-E557D00F9572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-04-25 12:48 - 2012-04-25 12:48 - 00146432 _____ () C:\Windows\System32\corelcreatorpm.dll
    2014-02-27 01:49 - 2012-05-02 14:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
    2014-02-27 01:49 - 2012-05-02 14:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2014-02-27 01:49 - 2012-05-02 14:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
    2014-02-27 01:49 - 2012-05-02 14:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2014-02-27 01:49 - 2012-05-02 14:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll
    2014-02-27 01:45 - 2012-07-25 10:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2014-06-09 19:51 - 2014-06-09 19:51 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
    2014-07-15 20:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-15 20:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-15 20:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-15 20:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-07-15 20:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\Users\Quovadis\Documents\SHOWER INVITATION.nws:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    MSCONFIG\Services: ChromeHelperUpdt => 3
    MSCONFIG\Services: DsiWMIService => 2
    MSCONFIG\Services: FLEXnet Licensing Service => 3
    MSCONFIG\Services: GamesAppIntegrationService => 3
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: MWLService => 3
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
    MSCONFIG\Services: NTI IScheduleSvc => 2
    MSCONFIG\Services: PSI_SVC_2 => 2
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
    MSCONFIG\startupreg: ChromeHelper => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
    MSCONFIG\startupreg: CorelCreatorClient => C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
    MSCONFIG\startupreg: CrawlerToolbar => "C:\Program Files (x86)\Crawler Toolbar\Crawler.exe" /STARTUP
    MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: OOTag => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
     
    ==================== Faulty Device Manager Devices =============
     
    Name: CDC Serial
    Description: CDC Serial
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/20/2014 09:15:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
    Exception code: 0xc0000005
    Fault offset: 0x0006ce5c
    Faulting process id: 0x1300
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
    Error: (07/20/2014 09:39:03 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (07/20/2014 09:29:50 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (07/20/2014 09:24:15 AM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
    Error: (07/20/2014 09:23:46 AM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
    Error: (07/20/2014 09:22:56 AM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
    Error: (07/19/2014 11:55:51 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (07/19/2014 11:55:51 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (07/19/2014 06:32:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
    Exception code: 0xc0000005
    Fault offset: 0x0006ce5c
    Faulting process id: 0x13b8
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
    Error: (07/19/2014 06:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
    Exception code: 0xc0000005
    Fault offset: 0x0006ce5c
    Faulting process id: 0x1048
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
     
    System errors:
    =============
    Error: (07/21/2014 01:04:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Module Update service failed to start due to the following error: 
    %%2
     
    Error: (07/20/2014 08:16:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Module Update service failed to start due to the following error: 
    %%2
     
    Error: (07/20/2014 00:17:02 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005
     
    Error: (07/20/2014 00:13:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Module Update service failed to start due to the following error: 
    %%2
     
    Error: (07/20/2014 00:12:56 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x0000000a (0x0000000000f8001e, 0x0000000000000002, 0x0000000000000000, 0xfffff800032d4a55)C:\Windows\MEMORY.DMP072014-33665-01
     
    Error: (07/20/2014 00:12:44 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:11:00 AM on ‎7/‎20/‎2014 was unexpected.
     
    Error: (07/19/2014 06:29:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005
     
    Error: (07/19/2014 06:25:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Module Update service failed to start due to the following error: 
    %%2
     
    Error: (07/19/2014 06:19:23 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
     
    Error: (07/19/2014 06:19:07 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 59%
    Total physical RAM: 2810.9 MB
    Available physical RAM: 1135.19 MB
    Total Pagefile: 5619.98 MB
    Available Pagefile: 3381.02 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:194.74 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9DB7409C)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
    It also created a shortcut.txt file.

     




    #7 Blind Faith


    Posted 23 July 2014 - 02:13 PM

    Hi there,
     
    We need to run a fix with FRST:
    • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
     
     
     
    How is the computer behaving now?
     
     
     
    Elle 

    Edited by Blind Faith, 23 July 2014 - 02:13 PM.

    Can you hear it? It's all around!

    Do you have a heart?
    If you do, then
    can you forgive?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #8 cainst


    Posted 24 July 2014 - 02:49 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
    Ran by Quovadis at 2014-07-24 02:36:53 Run:1
    Running from C:\Users\Quovadis\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    HKLM-x32\...\Run: [] => [X]
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
    SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    c:\progra~2\searchprotect\searchprotect\
     
    *****************


    #9 Blind Faith


    Posted 25 July 2014 - 07:28 PM

    Has your PC shown any sign of improvement?

     

     

     

    Elle 



    #10 cainst


    Posted 25 July 2014 - 09:09 PM

    Yes. Browser searches are working correctly. I had to reinstall Malwarebytes to get it to run. The laptop still seems slow but maybe that's just old age. Are there any other scans to run? Should any old backups or restore points be deleted?

    #11 Blind Faith


    Posted 27 July 2014 - 04:43 AM

    Hello,

     

     

    Can you please rerun FRST as instructed here (without the installation part)? I need to see if the baddies are actually gone.

     

     

     

    Elle



    #12 cainst


    Posted 27 July 2014 - 03:17 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
    Ran by Quovadis (administrator) on QUOVADIS-PC on 27-07-2014 15:11:25
    Running from C:\Users\Quovadis\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\ProgramData\HP Photo Creations\Communicator.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM\...\Run: [EPSON Stylus CX6000 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIA.EXE [131072 2006-02-13] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [EPSON Stylus CX6000 Series (Copy 4)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIA.EXE [131072 2006-02-13] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-472526558-1063517572-3556198000-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [155456 2013-12-15] ()
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
    AppInit_DLLs-x32: , c:\progra~2\amazon\amazon~1\\amazon~3.dll => c:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [138048 2013-12-15] ()
    Startup: C:\Users\Quovadis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyServer: http=127.0.0.1:49364;https=127.0.0.1:49364
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
    SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
    BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
    Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} -  No File
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebInf64.dll No File
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - C:\Program Files (x86)\QuickVerse 2010\qvprotwrapper.dll (Findex Inc.)
    Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
     
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-07-19]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-02-27]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-07-19]
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.yahoo.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-15]
    CHR Extension: (Search) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-15]
    CHR Extension: (Google Wallet) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
    CHR Extension: (Gmail) - C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-15]
    CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx [2012-12-15]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    S4 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-08] ()
    S3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd) [File not signed]
    S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
    S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
    S4 Util FindRight;  [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-27] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2013-12-20] (YTDownloader)
    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-02] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-24] ()
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
    U2 TMAgent; 
     
    ========================== Drivers MD5 =======================
     
    C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
    C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
    C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
    C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
    C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
    C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
    C:\Windows\System32\drivers\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
    C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
    C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
    C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
    C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
    C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
    C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
    C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
    C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
    C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
    C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
    C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
    C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
    C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
    C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
    C:\Windows\System32\drivers\RtHDMIVX.sys D6D381B76056C668679723938F06F16C
    C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
    C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
    C:\Program Files (x86)\YTDownloader\sbmntr.sys 02A7C147402861B794EFFD439772122D
    C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
    C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
    C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
    C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
    C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
    C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys 285036B3E1CD1B0312B0BBFBC6292AD7
    C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
    C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
    C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
    C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\SWDUMon.sys 2E3ACFDA0B792707C59B307ABB6A6E95
    C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\SynTP.sys 064A2530A4A7C7CEC1BE6A1945645BE4
    C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
    C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
    C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
    C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tmactmon.sys 11BA90E951B9C156F574A112B543269A
    C:\Windows\System32\DRIVERS\tmcomm.sys A7CF9B841956293F20E25E08D53718D6
    C:\Windows\System32\DRIVERS\TMEBC64.sys 9D86A57FB83E39A967CD8D3AAE8A170A
    C:\Windows\System32\DRIVERS\tmeevw.sys 684AEC0A24E2E8F7A6723DA92078BFC1
    C:\Windows\System32\DRIVERS\tmevtmgr.sys 5050F9BC7EC8B1F7E8B7959F5C889486
    C:\Windows\System32\DRIVERS\tmnciesc.sys 0FED34E72250A068BC4E7BA6EA07E7A0
    C:\Windows\System32\DRIVERS\tmtdi.sys 48951FBFFFCAE52FADFCDFB76ED19749
    C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
    C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
    C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
    C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
    C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
    C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
    C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
    C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
    C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
    C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
    C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
    C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
    C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
    C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-07-27 15:11 - 2014-07-27 15:12 - 00040917 _____ () C:\Users\Quovadis\Desktop\FRST.txt
    2014-07-24 13:37 - 2014-07-27 15:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-24 13:36 - 2014-07-24 13:36 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-24 13:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-24 13:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-24 13:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-24 13:34 - 2014-07-24 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (2).exe
    2014-07-24 13:11 - 2014-07-24 13:11 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Quovadis\Downloads\mbam-clean-2.1.1.1001.exe
    2014-07-24 13:03 - 2014-07-24 13:04 - 00012288 ___SH () C:\Users\Quovadis\Thumbs.db
    2014-07-24 02:31 - 2014-07-24 02:30 - 00002739 _____ () C:\Users\Quovadis\Desktop\fixlist.txt
    2014-07-24 02:30 - 2014-07-24 02:30 - 00002739 _____ () C:\Users\Quovadis\Downloads\fixlist (1).txt
    2014-07-21 15:24 - 2014-07-21 15:24 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64 (1).exe
    2014-07-21 14:43 - 2014-07-21 14:43 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64.exe
    2014-07-20 00:12 - 2014-07-20 00:12 - 501918954 _____ () C:\Windows\MEMORY.DMP
    2014-07-20 00:12 - 2014-07-20 00:12 - 00275328 _____ () C:\Windows\Minidump\072014-33665-01.dmp
    2014-07-20 00:12 - 2014-07-20 00:12 - 00000000 ____D () C:\Windows\Minidump
    2014-07-20 00:01 - 2014-07-20 00:01 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach (1).zip
    2014-07-19 23:51 - 2014-07-19 23:51 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach.zip
    2014-07-19 23:37 - 2014-07-19 23:37 - 00370943 _____ () C:\Users\Quovadis\Downloads\gmer.zip
    2014-07-19 23:36 - 2014-07-19 23:36 - 00688992 ____R (Swearware) C:\Users\Quovadis\Downloads\dds.com
    2014-07-19 18:43 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-07-19 18:43 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-07-19 18:43 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-07-19 18:43 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2014-07-18 11:29 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-07-18 11:28 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-07-18 11:28 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-07-18 11:28 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-07-18 11:28 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-07-18 11:28 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-07-18 11:28 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-07-18 11:28 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-07-18 11:28 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-07-18 11:28 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-07-18 11:28 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-07-18 11:28 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-07-18 11:28 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-07-18 11:28 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-07-18 11:28 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-07-18 11:28 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-07-18 11:28 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-07-18 11:23 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-07-18 11:22 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-07-18 11:22 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-07-18 11:22 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-07-18 11:19 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-07-18 11:19 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-07-18 11:19 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-07-18 11:19 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-07-17 23:50 - 2014-07-17 23:50 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-17 23:49 - 2014-07-17 23:50 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Quovadis\Documents\ProcAlyzer Dumps
    2014-07-15 20:42 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140715-204248.backup
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-07-15 20:28 - 2014-07-16 02:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-15 20:28 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-15 20:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2014-07-15 19:54 - 2014-07-18 00:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Licenses
    2014-07-15 19:53 - 2014-07-15 19:53 - 04095448 _____ (BrightFort LLC ) C:\Users\Quovadis\Downloads\spywareblastersetup50.exe
    2014-07-15 19:43 - 2014-07-15 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Quovadis\Downloads\spybot-2.4.exe
    2014-07-15 19:40 - 2014-07-15 19:40 - 04812672 _____ (Piriform Ltd) C:\Users\Quovadis\Downloads\ccsetup415.exe
    2014-07-15 04:51 - 2014-07-15 04:51 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Quovadis\Downloads\rkill.exe
    2014-07-15 04:44 - 2014-07-15 04:44 - 03894696 _____ (solvusoft Corporation ) C:\Users\Quovadis\Downloads\Roboot64.exe_Error_Repair_Tool-WinThruster.exe
    2014-07-15 04:38 - 2014-07-15 04:38 - 00000000 ____D () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0
    2014-07-15 04:11 - 2014-07-15 04:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-14 22:53 - 2014-07-14 22:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Documents\ced.exe
    2014-07-14 17:51 - 2014-07-27 15:11 - 00000000 ____D () C:\FRST
    2014-07-14 17:48 - 2014-07-14 17:48 - 00010701 _____ () C:\Users\Quovadis\Downloads\fixlist.txt
    2014-07-14 17:43 - 2014-07-24 12:44 - 02093568 _____ (Farbar) C:\Users\Quovadis\Desktop\FRST64.exe
    2014-07-14 17:43 - 2014-07-14 17:43 - 01348263 _____ () C:\Users\Quovadis\Downloads\AdwCleaner.exe
    2014-07-14 16:46 - 2014-07-14 16:46 - 00007611 _____ () C:\Users\Quovadis\AppData\Local\Resmon.ResmonCfg
    2014-07-13 19:00 - 2014-07-13 19:00 - 00000000 ____D () C:\SUPERDelete
    2014-07-13 18:56 - 2014-07-27 14:59 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job
    2014-07-13 18:56 - 2014-07-27 03:11 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589
    2014-07-13 18:56 - 2014-07-13 18:56 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-13 18:55 - 2014-07-13 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:56 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:55 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-13 18:55 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-13 18:53 - 2014-07-13 18:53 - 20019200 _____ (SUPERAntiSpyware) C:\Users\Quovadis\Downloads\SUPERAntiSpyware.exe
    2014-07-13 13:48 - 2014-07-13 13:48 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu (1).exe
    2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-07-09 17:58 - 2014-07-09 17:58 - 00000000 ____D () C:\Windows\pss
    2014-07-08 06:17 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-08 06:17 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-08 06:17 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-08 06:17 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-08 06:17 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-08 06:17 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-08 06:17 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-08 06:17 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-08 06:17 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-08 06:17 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-08 06:17 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-08 06:17 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-08 06:17 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-08 06:17 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-08 06:17 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-08 06:16 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-08 06:16 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-08 06:16 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-08 06:16 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-08 06:16 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-08 06:16 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-08 06:16 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-08 06:16 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-08 06:16 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-08 06:16 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-08 06:16 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-08 06:16 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-08 06:16 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-08 06:16 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-08 06:16 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-08 06:16 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-08 06:16 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-08 06:16 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-08 06:16 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-08 06:16 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-08 06:16 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-08 06:16 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-08 06:16 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-08 06:16 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-08 06:16 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-08 06:16 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-08 06:16 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-08 06:16 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-08 06:16 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-08 06:16 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-08 06:16 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-08 06:16 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-08 06:16 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-08 06:16 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-08 06:16 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-08 06:16 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-08 06:16 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-08 06:16 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-08 06:16 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-08 06:16 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-08 06:16 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-08 06:16 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-08 06:16 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-08 06:16 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-08 06:16 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-08 06:16 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-08 06:14 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-08 06:14 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-08 06:14 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-08 06:09 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-08 06:09 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-08 06:09 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-08 06:07 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-08 06:07 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-07 18:58 - 2014-07-07 18:58 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\iqkeo.sys
    2014-07-07 14:08 - 2014-07-07 14:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-07 13:52 - 2014-07-07 13:52 - 00326751 _____ () C:\Users\Quovadis\Downloads\MalwareBytes.exe
    2014-07-07 13:16 - 2014-07-07 13:16 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-07 13:13 - 2014-07-07 13:14 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu.exe
    2014-07-03 17:49 - 2014-07-03 17:49 - 00000000 _____ () C:\Windows\SysWOW64\shoB95.tmp
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-07-27 15:12 - 2014-07-27 15:11 - 00040917 _____ () C:\Users\Quovadis\Desktop\FRST.txt
    2014-07-27 15:11 - 2014-07-14 17:51 - 00000000 ____D () C:\FRST
    2014-07-27 15:00 - 2014-07-24 13:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-27 15:00 - 2012-12-15 12:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-27 15:00 - 2012-12-15 12:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-27 14:59 - 2014-07-13 18:56 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job
    2014-07-27 14:59 - 2014-06-09 19:52 - 00000330 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
    2014-07-27 14:59 - 2010-10-28 21:11 - 01418497 _____ () C:\Windows\WindowsUpdate.log
    2014-07-27 03:19 - 2012-12-15 12:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-27 03:19 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-27 03:19 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-27 03:11 - 2014-07-13 18:56 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job
    2014-07-26 20:37 - 2013-04-16 15:40 - 00000000 ____D () C:\Users\Quovadis\AppData\Local\CrashDumps
    2014-07-25 14:05 - 2009-07-14 00:13 - 00796788 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-24 13:36 - 2014-07-24 13:36 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-24 13:36 - 2014-07-24 13:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-24 13:35 - 2014-07-24 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (2).exe
    2014-07-24 13:18 - 2013-11-06 17:46 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
    2014-07-24 13:18 - 2013-11-06 17:46 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
    2014-07-24 13:17 - 2014-02-26 00:07 - 00008385 _____ () C:\Windows\setupact.log
    2014-07-24 13:17 - 2013-11-06 17:46 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2014-07-24 13:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-24 13:16 - 2014-02-27 01:15 - 02477258 _____ () C:\Windows\PFRO.log
    2014-07-24 13:11 - 2014-07-24 13:11 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Quovadis\Downloads\mbam-clean-2.1.1.1001.exe
    2014-07-24 13:04 - 2014-07-24 13:03 - 00012288 ___SH () C:\Users\Quovadis\Thumbs.db
    2014-07-24 13:03 - 2011-01-17 06:22 - 00000000 ____D () C:\Users\Quovadis
    2014-07-24 12:44 - 2014-07-14 17:43 - 02093568 _____ (Farbar) C:\Users\Quovadis\Desktop\FRST64.exe
    2014-07-24 03:09 - 2013-03-14 22:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-24 03:09 - 2013-03-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-24 03:06 - 2013-03-14 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-24 02:40 - 2014-02-27 03:20 - 00238128 _____ () C:\Windows\RegBootClean64.exe
    2014-07-24 02:30 - 2014-07-24 02:31 - 00002739 _____ () C:\Users\Quovadis\Desktop\fixlist.txt
    2014-07-24 02:30 - 2014-07-24 02:30 - 00002739 _____ () C:\Users\Quovadis\Downloads\fixlist (1).txt
    2014-07-22 13:39 - 2014-02-27 02:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job
    2014-07-22 04:53 - 2011-01-17 06:23 - 00218168 _____ () C:\Users\Quovadis\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-07-21 15:24 - 2014-07-21 15:24 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64 (1).exe
    2014-07-21 14:43 - 2014-07-21 14:43 - 02090496 _____ (Farbar) C:\Users\Quovadis\Downloads\FRST64.exe
    2014-07-20 09:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-07-20 00:13 - 2014-02-27 01:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-20 00:12 - 2014-07-20 00:12 - 501918954 _____ () C:\Windows\MEMORY.DMP
    2014-07-20 00:12 - 2014-07-20 00:12 - 00275328 _____ () C:\Windows\Minidump\072014-33665-01.dmp
    2014-07-20 00:12 - 2014-07-20 00:12 - 00000000 ____D () C:\Windows\Minidump
    2014-07-20 00:01 - 2014-07-20 00:01 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach (1).zip
    2014-07-19 23:51 - 2014-07-19 23:51 - 00005067 _____ () C:\Users\Quovadis\Downloads\attach.zip
    2014-07-19 23:37 - 2014-07-19 23:37 - 00370943 _____ () C:\Users\Quovadis\Downloads\gmer.zip
    2014-07-19 23:36 - 2014-07-19 23:36 - 00688992 ____R (Swearware) C:\Users\Quovadis\Downloads\dds.com
    2014-07-19 18:27 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-07-19 18:24 - 2009-07-13 23:45 - 00650520 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-19 18:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2014-07-18 11:32 - 2014-07-18 11:32 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
    2014-07-18 11:31 - 2014-07-18 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2014-07-18 11:30 - 2014-07-18 11:29 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-07-18 00:46 - 2014-07-15 19:54 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-07-18 00:46 - 2010-10-28 21:27 - 00000000 ____D () C:\ProgramData\Temp
    2014-07-17 23:50 - 2014-07-17 23:50 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-17 23:50 - 2014-07-17 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-17 23:50 - 2014-07-17 23:49 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-17 21:16 - 2014-02-27 15:49 - 00000485 _____ () C:\Windows\wininit.ini
    2014-07-16 02:11 - 2014-07-15 20:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Quovadis\Documents\ProcAlyzer Dumps
    2014-07-15 20:34 - 2014-07-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-07-15 20:29 - 2014-07-15 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-07-15 19:54 - 2014-07-15 19:54 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-07-15 19:54 - 2014-07-15 19:54 - 00000000 ____D () C:\ProgramData\Licenses
    2014-07-15 19:53 - 2014-07-15 19:53 - 04095448 _____ (BrightFort LLC ) C:\Users\Quovadis\Downloads\spywareblastersetup50.exe
    2014-07-15 19:44 - 2014-07-15 19:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Quovadis\Downloads\spybot-2.4.exe
    2014-07-15 19:40 - 2014-07-15 19:40 - 04812672 _____ (Piriform Ltd) C:\Users\Quovadis\Downloads\ccsetup415.exe
    2014-07-15 04:51 - 2014-07-15 04:51 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Quovadis\Downloads\rkill.exe
    2014-07-15 04:44 - 2014-07-15 04:44 - 03894696 _____ (solvusoft Corporation ) C:\Users\Quovadis\Downloads\Roboot64.exe_Error_Repair_Tool-WinThruster.exe
    2014-07-15 04:38 - 2014-07-15 04:38 - 00000000 ____D () C:\Users\Quovadis\Desktop\mbam-chameleon-3.1.4.0
    2014-07-15 04:11 - 2014-07-15 04:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-14 22:53 - 2014-07-14 22:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Documents\ced.exe
    2014-07-14 22:24 - 2014-03-03 00:02 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
    2014-07-14 17:48 - 2014-07-14 17:48 - 00010701 _____ () C:\Users\Quovadis\Downloads\fixlist.txt
    2014-07-14 17:43 - 2014-07-14 17:43 - 01348263 _____ () C:\Users\Quovadis\Downloads\AdwCleaner.exe
    2014-07-14 16:46 - 2014-07-14 16:46 - 00007611 _____ () C:\Users\Quovadis\AppData\Local\Resmon.ResmonCfg
    2014-07-13 19:00 - 2014-07-13 19:00 - 00000000 ____D () C:\SUPERDelete
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325
    2014-07-13 18:56 - 2014-07-13 18:56 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589
    2014-07-13 18:56 - 2014-07-13 18:56 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-13 18:56 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-13 18:56 - 2014-07-13 18:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-13 18:55 - 2014-07-13 18:55 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-13 18:55 - 2014-07-13 18:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-13 18:53 - 2014-07-13 18:53 - 20019200 _____ (SUPERAntiSpyware) C:\Users\Quovadis\Downloads\SUPERAntiSpyware.exe
    2014-07-13 13:48 - 2014-07-13 13:48 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu (1).exe
    2014-07-11 09:25 - 2011-02-04 13:10 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-07-11 06:00 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\HpUpdate
    2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-07-10 06:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-09 17:58 - 2014-07-09 17:58 - 00000000 ____D () C:\Windows\pss
    2014-07-09 05:19 - 2014-05-06 05:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-09 05:19 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 05:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-09 05:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-09 05:09 - 2013-07-31 17:13 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 05:05 - 2013-03-06 23:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 18:56 - 2014-03-02 23:44 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
    2014-07-08 18:56 - 2014-02-24 05:10 - 00000000 ____D () C:\temp
    2014-07-08 14:54 - 2012-12-15 12:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-08 14:54 - 2012-12-15 12:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-08 14:54 - 2012-12-15 12:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-07 18:58 - 2014-07-07 18:58 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\iqkeo.sys
    2014-07-07 18:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
    2014-07-07 18:56 - 2013-02-27 09:20 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\Systweak
    2014-07-07 18:55 - 2014-02-24 05:20 - 00000000 ____D () C:\Program Files (x86)\Amazon
    2014-07-07 18:50 - 2014-03-05 17:16 - 00000000 ____D () C:\Users\Quovadis\AppData\Roaming\IDM2
    2014-07-07 14:08 - 2014-07-07 14:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Quovadis\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-07 13:52 - 2014-07-07 13:52 - 00326751 _____ () C:\Users\Quovadis\Downloads\MalwareBytes.exe
    2014-07-07 13:16 - 2014-07-07 13:16 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-07 13:14 - 2014-07-07 13:13 - 02347384 _____ (ESET) C:\Users\Quovadis\Downloads\esetsmartinstaller_enu.exe
    2014-07-03 17:49 - 2014-07-03 17:49 - 00000000 _____ () C:\Windows\SysWOW64\shoB95.tmp
    2014-07-03 17:03 - 2011-01-21 06:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-29 21:09 - 2014-07-08 06:17 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-29 21:04 - 2014-07-08 06:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
     
    Some content of TEMP:
    ====================
    C:\Users\Quovadis\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Quovadis\AppData\Local\Temp\ose00000.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== BCD ================================
     
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume2
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {7327245f-e308-11df-aba1-be2243f09926}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
     
    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {73272461-e308-11df-aba1-be2243f09926}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {7327245f-e308-11df-aba1-be2243f09926}
    nx                      OptIn
     
    Windows Boot Loader
    -------------------
    identifier              {73272461-e308-11df-aba1-be2243f09926}
    device                  ramdisk=[C:]\Recovery\73272461-e308-11df-aba1-be2243f09926\Winre.wim,{73272462-e308-11df-aba1-be2243f09926}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\73272461-e308-11df-aba1-be2243f09926\Winre.wim,{73272462-e308-11df-aba1-be2243f09926}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes
     
    Resume from Hibernate
    ---------------------
    identifier              {7327245f-e308-11df-aba1-be2243f09926}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No
     
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume2
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes
     
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes
     
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
     
    RAM Defects
    -----------
    identifier              {badmemory}
     
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}
     
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
     
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
     
    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}
     
    Device options
    --------------
    identifier              {73272462-e308-11df-aba1-be2243f09926}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\73272461-e308-11df-aba1-be2243f09926\boot.sdi
     
     
     
    LastRegBack: 2014-07-18 01:31
     
    ==================== End Of Log ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
    Ran by Quovadis at 2014-07-27 15:13:31
    Running from C:\Users\Quovadis\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Trend Micro Titanium (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
    AS: Trend Micro Titanium (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
    Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Amazon 1Button App (x32 Version: 1.0.4 - Amazon) Hidden
    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{21958FA9-A346-4745-E831-98013FA0C203}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
    Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0421.657.10561 - ATI) Hidden
    ccc-utility64 (Version: 2010.0421.657.10561 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
    Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Corel PDF Fusion (HKLM\...\{7D93C785-B8CD-4B29-BBAA-8D28E30A5910}) (Version: 1.11.0000 - Corel Corporation)
    Corel PDF Fusion Add-ins (HKLM-x32\...\{41635206-C6D5-4AEF-BCD6-CEDBC5BDD336}) (Version: 1.11.0 - Corel Corporation)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
    CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
    DriverUpdate (HKLM-x32\...\{65C92136-6AF0-4E70-88D2-D19E739CE285}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    eMedia Piano For Dummies (HKLM-x32\...\{D0D24351-FF92-450e-8143-6D848C6EFAC6}) (Version:  - eMedia Piano For Dummies)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
    EPSON Stylus CX6000 Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
    eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
    Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version:  - )
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)
    Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 3.1.0.10 - WildTangent, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{E43084F2-A74C-47A3-BD6D-AA57FC0A381E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
    IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Creative Writer 2 (HKLM-x32\...\Creative Writer 2) (Version:  - )
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
    MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Muvic Smartbar (HKLM-x32\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION
    Muvic Smartbar Engine (HKCU\...\{9291302a-3718-48fd-bf58-775fa899f464}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION
    MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.71.0 - Symantec Corporation)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
    PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Product Improvement Study for HP ENVY 5530 series (HKLM\...\{3FB74B78-098D-48EF-8CC4-BE6C431C0E16}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    PSPPContent (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    QuickVerse 2010 (HKLM-x32\...\{088F4D39-60DE-4E41-A3FF-A43A541028E6}) (Version: 14.0.1.1 - Findex)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: 1.00.000 - )
    SavErPro (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version:  - SaaverrPro)
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    Search module (HKLM-x32\...\Search module) (Version:  - Search Module)
    Setup (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com)
    Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
    The Print Shop 20 (HKLM-x32\...\{152BF35B-56D7-4652-B519-1661AAC270EE}) (Version: 20.00.0000 - Broderbund Software)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
    Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
    Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Video-Saver (HKLM-x32\...\932c30fc-2d2d-4fda-b0a6-f361cf5eed96) (Version:  - Video-Saver Soft)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.2 - WildTangent)
    Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    WordExtra (HKCU\...\WordExtra) (Version: 1 - http://www.wordextra.com)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader)
    Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
     
    ==================== Custom CLSID entries: ==========================
     
    (Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-472526558-1063517572-3556198000-1000_Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File
    CustomCLSID: HKU\S-1-5-21-472526558-1063517572-3556198000-1000_Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File
    CustomCLSID: HKU\S-1-5-21-472526558-1063517572-3556198000-1000_Classes\CLSID\{D4AB823B-3EBC-477B-AA5B-D7061C9E83B0}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File
     
    ==================== Restore Points  =========================
     
    15-07-2014 09:56:27 Windows Update
    18-07-2014 16:20:04 Windows Update
    20-07-2014 06:56:57 Windows Update
    21-07-2014 21:14:10 Windows Update
    24-07-2014 08:00:21 Windows Update
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {089C109B-7A67-4518-9FED-22845A14B27A} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-01-15] (SlimWare Utilities, Inc.)
    Task: {0B957E77-F4DF-49D5-8CE7-D952BD067715} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    Task: {1B32CC3C-3140-422B-8E5A-ED320EA21628} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {1C71B93B-4DE2-4F41-918D-C8CA981B050F} - System32\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {1D8FC723-EE71-4BC1-9B73-56D895CAE02F} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-06-09] ()
    Task: {20E30D82-14B0-41B2-BC89-AF72DCDC26DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {211C2CE9-1371-4EFD-9DB8-FE424BA35DDD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {3CECF63E-C845-4CFC-A3CB-57CDA4887E71} - System32\Tasks\VuuPCUpdateLogin => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe
    Task: {3DBD8503-E740-4DFD-8A28-6D6B7229688F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {4BBD77CD-E47C-4FDE-899B-3E78736AC726} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {532BDD13-908B-4A23-A05B-7559FBD978DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {5BC93178-B41A-4B29-AE7B-92707617001A} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
    Task: {5BECF670-E639-4DD2-A4BF-2257F8B336E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {61545CC9-C187-4E51-AB10-3C8A5FD908D1} - System32\Tasks\VuuPCUpdate => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe
    Task: {6E9715B5-F400-42DB-B112-19A5A00FE3B1} - System32\Tasks\SMW_UpdateTask_Time_333133313135303832382d3237575a236c6c3255342a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
    Task: {6F9DA181-0A30-43F4-A620-FA6D732F3AFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {78DCEFE9-1882-4D5C-9BA7-E1585B8E5750} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {79942E3E-44B6-49FF-8533-8DBAC1082EEE} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-04] (AnyProtect by CMI)
    Task: {97A53A95-2C1C-4881-BA7A-53F5619A429F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
    Task: {9ACA3C5B-1077-4273-83A6-557A351BEE58} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
    Task: {B64D43B5-0C5F-4B5D-B79A-1FC9B7701E79} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
    Task: {C09F5353-7E9A-4C8A-B925-9C7BE3C7A850} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {C401C1B6-EF9F-4388-B036-DF885F494509} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {C88A6F43-11C6-4486-8B88-8C9D4336ABE9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {CA8A01B0-E7AA-462D-996D-425252023127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15] (Google Inc.)
    Task: {D4D321DE-C5B3-4211-93F7-F2991D8231DC} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
    Task: {D77665F2-19ED-4559-97A5-BCE66C5269D3} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
    Task: {F8875BEB-C1EA-4523-80CE-E557D00F9572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2bef161f-aa25-4103-a408-5ab3f148e589.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ebf680-18e2-47d8-ae3e-051008c85325.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-04-25 12:48 - 2012-04-25 12:48 - 00146432 _____ () C:\Windows\System32\corelcreatorpm.dll
    2014-02-27 01:49 - 2012-05-02 14:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
    2014-02-27 01:49 - 2012-05-02 14:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2014-02-27 01:49 - 2012-05-02 14:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
    2014-02-27 01:49 - 2012-05-02 14:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2014-02-27 01:49 - 2012-05-02 14:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll
    2014-02-27 01:45 - 2012-07-25 10:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2014-06-09 19:51 - 2014-06-09 19:51 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
    2014-07-15 20:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-15 20:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-15 20:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-15 20:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-07-15 20:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    2014-03-15 01:28 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\Users\Quovadis\Documents\SHOWER INVITATION.nws:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: ChromeHelperUpdt => 3
    MSCONFIG\Services: DsiWMIService => 2
    MSCONFIG\Services: FLEXnet Licensing Service => 3
    MSCONFIG\Services: GamesAppIntegrationService => 3
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: MWLService => 3
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
    MSCONFIG\Services: NTI IScheduleSvc => 2
    MSCONFIG\Services: PSI_SVC_2 => 2
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
    MSCONFIG\startupreg: ChromeHelper => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
    MSCONFIG\startupreg: CorelCreatorClient => C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
    MSCONFIG\startupreg: CrawlerToolbar => "C:\Program Files (x86)\Crawler Toolbar\Crawler.exe" /STARTUP
    MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: OOTag => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/26/2014 09:02:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1ba8
     
    Start Time: 01cfa93ea30465f2
     
    Termination Time: 20
     
    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
     
    Report Id:
     
    Error: (07/26/2014 08:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
    Exception code: 0xc0000005
    Fault offset: 0x0006ce5c
    Faulting process id: 0x14cc
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
    Error: (07/26/2014 08:33:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
    Faulting module name: wmp.dll, version: 12.0.7601.18150, time stamp: 0x518c8c81
    Exception code: 0xc0000005
    Fault offset: 0x00000000000e23d7
    Faulting process id: 0xf68
    Faulting application start time: 0xwmpnetwk.exe0
    Faulting application path: wmpnetwk.exe1
    Faulting module path: wmpnetwk.exe2
    Report Id: wmpnetwk.exe3
     
    Error: (07/26/2014 08:32:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
     
    Error: (07/25/2014 02:05:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
    Exception code: 0xc0000005
    Fault offset: 0x0006ce5c
    Faulting process id: 0x1eb0
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
    Error: (07/24/2014 02:52:17 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (07/24/2014 02:43:43 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (07/24/2014 02:37:44 PM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
    Error: (07/24/2014 02:37:16 PM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
    Error: (07/24/2014 02:36:24 PM) (Source: SideBySide) (EventID: 72) (User: )
    Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
    The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
     
     
    System errors:
    =============
    Error: (07/27/2014 03:03:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
     
    Error: (07/27/2014 03:00:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 02:59:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 02:59:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 02:59:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 02:59:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 03:10:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/27/2014 03:10:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (07/26/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Description with the following error: 
    %%5
     
    Error: (07/26/2014 10:38:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error: 
    %%5
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 68%
    Total physical RAM: 2810.9 MB
    Available physical RAM: 875.55 MB
    Total Pagefile: 5619.98 MB
    Available Pagefile: 2855.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:193.87 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9DB7409C)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #13 Blind Faith

    Posted 29 July 2014 - 12:19 PM

    Hello there,

     

     

    Can you please run a scan with Malwarebytes' Anti-Malware and post the upcoming log here?

     

    =============================

     

    ESET Online Scanner:
     
    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
     
    Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

  • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
     
     
     
     
     
    Elle 


    #14 cainst

    Posted 30 July 2014 - 09:29 PM

    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7587
    # api_version=3.0.2
    # EOSSerial=1bc3d2bec90bd945bf9e199df8bf1ac3
    # engine=19079
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-07-09 12:01:57
    # local_time=2014-07-08 05:01:57 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776574 100 94 10459878 156407567 0 0
    # scanned=403707
    # found=98
    # cleaned=93
    # scan_time=20412
    sh=1A17590F928A627BA62A1959F7D4429BCF0A6D0F ft=1 fh=0f82e86d716cb9a2 vn="Win32/VOPackage.B potentially unwanted application" ac=I fn="C:\Users\Quovadis\AppData\Roaming\VOPackage\Uninstall.exe"
    sh=12F5D5CE082E2B6C9F8960262340B8418933F0E4 ft=1 fh=758b94275575a34e vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application" ac=I fn="C:\Users\Quovadis\AppData\Roaming\WordExtra\temp.dat"
    sh=A86E8E40D4CA0745CACC5CEBBABB4C6FFFAE5CB3 ft=1 fh=d9dbe29221b23ef4 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Quovadis\Downloads\uplayermediaplayer-setup (1).exe"
    sh=57BF396283BF031B069CD76B545989A8ACE71BDF ft=1 fh=c71c00110256f57e vn="Win32/VuuPc.C potentially unwanted application" ac=I fn="C:\Windows\Temp\LatestVuuPCSetup1.0.0.267.exe"
    sh=4079AA4A83E650C4295194FB47E73D794E23A970 ft=1 fh=c6f978291297a546 vn="Win64/Riskware.NetFilter.A application" ac=I fn="C:\Windows\Temp\UDD1084.tmp"
    sh=5B92B0338ECB78D71323995CA54F08CDD2FB55BC ft=1 fh=592d54c72ef7178f vn="a variant of Win32/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll"
    sh=4F9677CB41F9943161750C2CA9B686FA863664CD ft=1 fh=643076ddc15ce648 vn="a variant of MSIL/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll"
    sh=B790B6DF16F4D3DF91803219A5009226E7DE840B ft=1 fh=37c6cb042bc1c8c5 vn="probably a variant of Win32/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll"
    sh=A30DA4D7273C58A3635E5085CE82E5A5F09BB97F ft=1 fh=b9b178c7beb03f4e vn="a variant of MSIL/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll"
    sh=E4ABA6846BA256DC729EA1F39E0051C6B79A4D08 ft=1 fh=0fb4ca2f3351574e vn="a variant of Win32/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smfi32.dll"
    sh=E997178C88A5DAF763555492FFBA1BEDF4EC1020 ft=1 fh=954d51a1cc492baf vn="a variant of MSIL/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smfi64.dll"
    sh=03D3A76525D9B7DB3658134638F85AC52558BDBC ft=1 fh=b346ae4ca41fc5f9 vn="a variant of Win32/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe"
    sh=08A66FA3F6C1490270368B0EEEE1281A0BFC087D ft=1 fh=858d32c469860d86 vn="a variant of MSIL/SBWatchman.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe"
    sh=49971AAEDDE7BD16A05CF861CD672AB4402239F7 ft=1 fh=082e8ea9c201f9f6 vn="a variant of MSIL/SBWatchman.A potentially unwanted application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe"
    sh=DE5DE42BA1BE0D3AB2D403854B0056DD7921CC27 ft=1 fh=961374948be19d48 vn="a variant of MSIL/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Browsersafeguard\Temp\uninstall.BrowserSafeguard.exe"
    sh=64367116987EC55BA71DE0FF1939C67E3A1929C8 ft=1 fh=1a4dbc073871f85c vn="a variant of Win32/BrowseFox.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\FindRight\bin\utilFindRight.exe"
    sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
    sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Mobogenie\Mobogenie.exe"
    sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Mobogenie\MUServer.apk"
    sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe"
    sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="a variant of MSIL/DomaIQ.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Uninstaller\Uninstall.exe"
    sh=B227E4D4C4E71B0026A27445AF728604B4981F31 ft=1 fh=3b9d7946ce04b66d vn="Win32/VuuPc.C potentially unwanted application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\Connectivity.exe"
    sh=CC0B7F1085234251D5013A9FA8FECE91802C6E69 ft=1 fh=17991e1574951668 vn="Win32/VOPackage.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\Container.exe"
    sh=C44F5AF87BC66614E12C188128AE0A7A7E5A8A87 ft=1 fh=2919dfc56785299e vn="Win32/VuuPc.C potentially unwanted application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\RemoteEngine.exe"
    sh=F4B096BD424602F7A1C9C887C5906D291170E4E6 ft=1 fh=2f438662dda0991f vn="Win32/VuuPc.C potentially unwanted application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\RemoteEngineHelper.exe"
    sh=E8F0B201B906C7F9EC661B74F9CB9E25F3D11055 ft=1 fh=1289a8983eadc843 vn="Win32/VOPackage.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\Run.exe"
    sh=BB67FA4783DB638EB7DB4BC53F5AC08612392B04 ft=1 fh=e1bc29779d0d564b vn="Win32/VuuPc.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\VuuPCLicense.exe"
    sh=1A6F9F481D70D5A0438213F7FF17950A25EFC94B ft=1 fh=2d4371778c96eddb vn="Win32/VuuPc.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe"
    sh=E44BE2421E7B8215AA1E6AAB156A22F6620B725F ft=1 fh=9ce1edd2aa50f63e vn="a variant of Win32/ShopperPro.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\YTDownloader\Updater.exe"
    sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\temp\InstallFilter64.msi"
    sh=A7B628B4331B3A7328FE30AF568884C4FA5E9D96 ft=1 fh=8bc5001574ad04cd vn="a variant of Win32/DomaIQ.BB potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001"
    sh=C2F3AB193993CAF077DF3F5A5A5640B7121E0108 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C8ASNKH\91[1].js"
    sh=50734BE26157FCF2996922F76B9AF0A0088EFD2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C8ASNKH\monetizationLoader[1].js"
    sh=50734BE26157FCF2996922F76B9AF0A0088EFD2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C8ASNKH\monetizationLoader[2].js"
    sh=B683C210045A4133B80E4ECC0C23BC3196B66514 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\bpo_serp_m[1].js"
    sh=5BEC1689AE9E2B0BC2CF8033212D7BA28C10A745 ft=1 fh=ba654dc6299c40c9 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\FlappyBird[1].exe"
    sh=D767D39DA00E1507AB72DF2BBF0DF984E5F67F87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\icm_downloads_m[1].js"
    sh=066D67D3C0F4110A52C2843171BCB750FA7A6E6B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\intext_5_m[1].js"
    sh=DE7A729914023E44950267BBB0053CFB513006A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\monetizationLoader[1].js"
    sh=DE7A729914023E44950267BBB0053CFB513006A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\monetizationLoader[2].js"
    sh=AA8FE1C31F7A81FB3089A8543C02D0EF97AA3678 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\monetizationLoader[3].js"
    sh=202C1899F9B92EF86E40333C701C620BB16CE1F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\monetizationLoader[4].js"
    sh=DEBF208882FC35746679473CE0C804521CEC67CC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\monetizationLoader[5].js"
    sh=A961D65EC7A27F8397FC9ED89C698FDC3E2B8018 ft=1 fh=e75f14cc30ca7c64 vn="a variant of Win32/Reporter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\RegClean2[1].exe"
    sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="a variant of Win32/SpeedBit.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV6ANXBC\ytdownloader_setup_20140203[1].exe"
    sh=EFB4661A0B968C8115AFBB122F2D1B3C73331A7E ft=1 fh=012ffc51206ea745 vn="a variant of MSIL/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\BrowserSafeGuardInstaller[1].exe"
    sh=705F7674C554A2BDA26E88C6776C54FDBF379002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\icm_convertmedia_m[1].js"
    sh=DEBF208882FC35746679473CE0C804521CEC67CC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\monetizationLoader[1].js"
    sh=919EDFCD72BD9AA71223F318095BD769F507CC9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\monetizationLoader[2].js"
    sh=DB3C1DD7DE366F47829D7301D833F7604BEC5AF3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\pops_5_m[1].js"
    sh=57F74C3FAF6723290F6FA3341542A17948A76BCD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\revizer_ws_dynamic_m[1].js"
    sh=FEFF5D3F8C9F9C749E27B226C3E4B8EEF6AD1163 ft=1 fh=352915ac92fcaaa5 vn="Win32/SpeedUpMyPC.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\SpeedUpMyPC[1].exe"
    sh=7812DFAFF64BAD239859813C5654B9ED16466339 ft=1 fh=148431a8262f735d vn="Win32/Conduit.SearchProtect.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUYL8BDR\spstub[1].exe"
    sh=9B3E5B195B8CAF4F337D65AB99C5AA72DE2B08FD ft=1 fh=ff8f90d6f0117da0 vn="a variant of MSIL/Adware.StrongVault.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\DesktopWeatherAlertsSetup[1].exe"
    sh=1D05F40721A499CDC6AA0944B9757B2A6E3FE6A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\monetizationLoader[1].js"
    sh=B8DCC1355AF30C027794D10BC8FD83670866BA2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\price_gong_m[1].js"
    sh=09E41DAB84A351A234F471879A1C5FC682957ABA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\revizer_p_dynamic_m[1].js"
    sh=030AD18F823D1EB34F468CC4126A17555055F71C ft=1 fh=20230c57ed3eb8bf vn="Win32/OutBrowse.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\SearchProtectGeneric2[1].exe"
    sh=8F095B22CEB9A8B7CB5EA2E21C818FD01099A397 ft=1 fh=d3b03b05f0b62c2f vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY8ODYAI\Setup_20131118[1].exe"
    sh=C2F3AB193993CAF077DF3F5A5A5640B7121E0108 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQSOB3E\91[1].js"
    sh=C93720F9A743CB34DB813D0CFAB76DB0D95D144D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQSOB3E\91[2].js"
    sh=BD99029E3E064DE3BDC009BED86CE5F9F6556130 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\ciuvo_m[1].js"
    sh=115081E9037F5D63F69BC5CA19ECC1ACC8F61896 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\imonomy_m[1].js"
    sh=9832E303AF1F020C6DD37DB8D8E7A0FF40979142 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\intext_adv_m[1].js"
    sh=B4853CCBF4F400FB3A12155815CFFD0D74C8EEAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\noproblemppc_m[1].js"
    sh=B990303093437EB133BB3B72C555735FF136C318 ft=1 fh=12a4bcb11c6f2db2 vn="Win32/SpeedUpMyPC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\SpeedUpMyPC-standalone-setup[1].exe"
    sh=70E5AD8840923AD61ECF02E583AFD1B4864EC960 ft=1 fh=a8c183b020d969f9 vn="Win32/Conduit.SearchProtect.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\SPSetup[1].exe"
    sh=3A524DC2E912FD77E216479A996DD64406FE7E6B ft=1 fh=150dc674aecd350a vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\video-saver_2070-2127[1].exe"
    sh=D7DF283C23F08E8CC03208B8E8683A6785F0116A ft=1 fh=0fbae9a1f447571f vn="Win32/VuuPc.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\VuuPCSetup[1].exe"
    sh=DB125E4644B3ECADF5A033D858071632DEBC773F ft=1 fh=c4688c8e8bd09f39 vn="a variant of Win32/AdWare.iBryte.S application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWC3A7M\VuuPC_Setup[1].exe"
    sh=E176D7F68E9CC6D03E8555B51565423033CDF6A9 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip"
    sh=E45C1D583BDD644F636D8DA387761796CE1D7038 ft=1 fh=fe33acdf835fbfaa vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe"
    sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe"
    sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk"
    sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe"
    sh=DE5DE42BA1BE0D3AB2D403854B0056DD7921CC27 ft=1 fh=961374948be19d48 vn="a variant of MSIL/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\installer.exe"
    sh=8F3A9725859E35851E38EA83B043165BC30899FE ft=1 fh=11ed812b5a7cf8dc vn="a variant of MSIL/DomaIQ.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\sadC34F.tmp"
    sh=2ECFAC6C3FC4E13F894D89A3CFA89C57BB1039CE ft=1 fh=5c7aedf5486c5cf5 vn="a variant of Win32/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\e1aaabf5-9cfb-4f65-9e93-cf06a1db7672\software\Installer.exe"
    sh=32AE1D6B97595FA7626D2B6584487D560F9048ED ft=1 fh=f50b8f58204ff3b2 vn="Win32/SpeedingUpMyPC.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\e1aaabf5-9cfb-4f65-9e93-cf06a1db7672\software\OptimizerPro.exe"
    sh=6B44ED3612348160E9135A106B41E93AA8FA569B ft=1 fh=c037ee2e5f3f32b7 vn="Win32/VOPackage.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\e1aaabf5-9cfb-4f65-9e93-cf06a1db7672\software\VOPackage.exe"
    sh=D177D6A895F7ABA6B46127002B6487AB1A8799EA ft=1 fh=46ad657075c8b9ab vn="a variant of Win32/ShopperPro.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\Install_1782\ytd.exe"
    sh=934B38A3ECC7EC3FB88A15AD1707F19719F71661 ft=1 fh=c71c00111a034b54 vn="Win32/VOPackage.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\10861604_stp\AnyProtectScannerSetup.exe"
    sh=28B9919A7C23687D35B717D56A76A252B6EB198A ft=1 fh=cfa45354f47ed0f4 vn="Win32/24x7Help.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\10861802_stp\PCFixSpeedSetup0100.exe"
    sh=ED127CEE7B51FD3595F1B96EEE927BD0048E25DE ft=1 fh=c71c0011d84a3b1d vn="Win32/VOPackage.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\12152431_stp\AnyProtectScannerSetup.exe"
    sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\12152607_stp\wajam_validate.exe"
    sh=ED127CEE7B51FD3595F1B96EEE927BD0048E25DE ft=1 fh=c71c0011d84a3b1d vn="Win32/VOPackage.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\1987373_stp\AnyProtectScannerSetup.exe"
    sh=ED127CEE7B51FD3595F1B96EEE927BD0048E25DE ft=1 fh=c71c0011d84a3b1d vn="Win32/VOPackage.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\2006435_stp\AnyProtectScannerSetup.exe"
    sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\2541125_stp\wajam_validate.exe"
    sh=144957896C176DC8EE7B6847B699216E0907F601 ft=1 fh=08cda02736e29191 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\2541795_stp\WeatherBugSetup.exe"
    sh=ED127CEE7B51FD3595F1B96EEE927BD0048E25DE ft=1 fh=c71c0011d84a3b1d vn="Win32/VOPackage.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\2623736_stp\AnyProtectScannerSetup.exe"
    sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\is45637729\2623879_stp\wajam_validate.exe"
    sh=B90AAD8F0749B445B882D650D1C0B66A4122DA92 ft=1 fh=0cdc7fc4b065da36 vn="Win32/Distromatic.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\nse12EA.tmp\zplugins.dll"
    sh=7C403D7DD7E2FE878BA47776A4504D84381DB23E ft=1 fh=c71c0011beef5feb vn="a variant of Win32/AdWare.AddLyrics.AE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\nsg7AF6.tmp\nsru.dll"
    sh=0C5AB78B2FC5DE9B789C0051B2EB5B3F82B83AF1 ft=1 fh=802fb3f9b754b0b2 vn="Win32/OutBrowse.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\nsm46B1.tmp\Convert.dll"
    sh=B90AAD8F0749B445B882D650D1C0B66A4122DA92 ft=1 fh=0cdc7fc4b065da36 vn="Win32/Distromatic.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\nsnF51.tmp\zplugins.dll"
    sh=B90AAD8F0749B445B882D650D1C0B66A4122DA92 ft=1 fh=0cdc7fc4b065da36 vn="Win32/Distromatic.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\nspB5CF.tmp\zplugins.dll"
    sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Local\Temp\{FC0CA9F5-68AA-4A9C-A4C4-762467B0FA34}\setup.exe"
    sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/VuuPc.C potentially unwanted application (contained infected files)" ac=C fn="${Memory}"
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=1bc3d2bec90bd945bf9e199df8bf1ac3
    # engine=19157
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-07-13 10:41:41
    # local_time=2014-07-13 05:41:41 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776574 100 94 10890662 156834751 0 0
    # scanned=398862
    # found=7
    # cleaned=7
    # scan_time=8759
    sh=1A17590F928A627BA62A1959F7D4429BCF0A6D0F ft=1 fh=0f82e86d716cb9a2 vn="Win32/VOPackage.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Roaming\VOPackage\Uninstall.exe"
    sh=12F5D5CE082E2B6C9F8960262340B8418933F0E4 ft=1 fh=758b94275575a34e vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Quovadis\AppData\Roaming\WordExtra\temp.dat"
    sh=326FFE010703C35193069266DF178B7FE444F440 ft=1 fh=e0a90314edbab0f2 vn="a variant of Win32/Idmsq.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\Downloads\IDM2 (1).exe"
    sh=326FFE010703C35193069266DF178B7FE444F440 ft=1 fh=e0a90314edbab0f2 vn="a variant of Win32/Idmsq.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\Downloads\IDM2.exe"
    sh=A86E8E40D4CA0745CACC5CEBBABB4C6FFFAE5CB3 ft=1 fh=d9dbe29221b23ef4 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Quovadis\Downloads\uplayermediaplayer-setup (1).exe"
    sh=57BF396283BF031B069CD76B545989A8ACE71BDF ft=1 fh=c71c00110256f57e vn="Win32/VuuPc.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Temp\LatestVuuPCSetup1.0.0.267.exe"
    sh=4079AA4A83E650C4295194FB47E73D794E23A970 ft=1 fh=c6f978291297a546 vn="Win64/Riskware.NetFilter.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Temp\UDD1084.tmp"
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=1bc3d2bec90bd945bf9e199df8bf1ac3
    # engine=19424
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-07-31 01:35:59
    # local_time=2014-07-30 08:35:59 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 12395 158314009 0 0
    # scanned=372117
    # found=2
    # cleaned=0
    # scan_time=13868
    sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Quovadis\Downloads\ccsetup415.exe"
    sh=1A2005624CEA8C623A7290E1251439FFBA563A88 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\Windows\Installer\862440.msi"
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 7/30/2014
    Scan Time: 9:06:36 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.2.1012
    Malware Database: v2014.07.31.02
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Quovadis
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 311381
    Time Elapsed: 21 min, 35 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 2
    PUP.Optional.SearchNet, HKU\S-1-5-21-472526558-1063517572-3556198000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}, , [e1c01e829ae1ed49ad3858058280738d], 
    PUP.Optional.SearchNet, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}, , [e1c01e829ae1ed49ad3858058280738d], 
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 1
    PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMupdate1, , [227f2c74c7b4df57af324a81679b32ce], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #15 Blind Faith

    Posted 01 August 2014 - 05:22 PM

    Hello there,

    Can you tell me how your PC is behaving? Any improvement so far?

    Elle


    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro?



    If I haven't replied in 48 hours, please feel free to send me a PM.


