
Hijack This Log - Help please


  • This topic is locked
18 replies to this topic

#1 realarce


Posted 17 August 2014 - 06:21 AM

Hi,

I'm repairing a friend's PC. Her son allowed too much to install automatically and, of course, that included a virus. Can anyone find the time to look over the attached log and assist me in deleting anything they see that doesn't need to be there, virus-wise?

Thanks for your time.

 

Pasted log into topic - Hamluis.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:36:07 PM, on 17/08/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17054)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Trisha\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yealt - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWow64\yealt.dll
O2 - BHO: greaotssavinGe - {5580605B-4FF3-C6A5-8183-EFAA35D77428} - C:\ProgramData\greaotssavinGe\u8.dll
O2 - BHO: ExtraShoppEr - {6BDAE042-6F8D-AB85-73D5-341767E214DD} - C:\ProgramData\ExtraShoppEr\6T6.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\ScriptHost.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [GoforFilesInstaller Starter] "C:\Users\Trisha\AppData\Local\Temp\install7088823.exe" -startup
O4 - HKLM\..\Run: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BitTorrent] C:\Users\LIAM\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED
O4 - HKCU\..\Run: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZ9OAMD1" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BCRGUQ7T" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DK009CNH" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5MMO8Q9" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NBER5AGW" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R1H971O7" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R5Q002V2" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R7JKDC2F" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U80LE03Q" "C:\Users\Trisha\AppData\Local\Microsoft\Windows\Te
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: 
O23 - Service: McAfee Application Installer Cleanup (0181681408257843) (0181681408257843mcinstcleanup) - Unknown owner - C:\Windows\TEMP\018168~1.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Application Statistics Service (MfeASUM) - McAfee, Inc. - C:\Program Files\McAfee\AppStats\MfeASUM.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: nuttkoqiez64 - Unknown owner - C:\Program Files\003\nuttkoqiez64.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: rqpbhevlkc64 - Unknown owner - C:\Program Files\004\rqpbhevlkc64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yontoo Desktop Updater - Unknown owner - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 16742 bytes


Edited by hamluis, 17 August 2014 - 07:37 AM.
Moved from Win 8 to Malware Removal Logs - Hamluis.




#2 Jo*


Posted 17 August 2014 - 03:24 PM


Hello realarce,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 realarce


Posted 19 August 2014 - 06:12 AM

Hi Jo, Thank you for responding. I will now start posting the logs as requested.

 

 Results of screen317's Security Check version 0.99.87 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
Windows Defender                    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Call of Duty: Ghosts - Multiplayer
 Java 7 Update 67 
 Adobe Flash Player  14.0.0.145 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#4 realarce


Posted 19 August 2014 - 07:07 AM

Hi Jo. OTL is crashing my computer each time I run it. I will try again when I work out safe mode for Windows 8.1.



#5 Jo*


Posted 19 August 2014 - 07:45 AM

Hi,

Skip the OTL and go on here:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



#6 realarce


Posted 21 August 2014 - 06:29 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Trisha (administrator) on TRISHALAPTOP on 21-08-2014 20:56:54
Running from C:\Users\Trisha\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\003\nuttkoqiez64.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\004\rqpbhevlkc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-222191783-1610888516-101916340-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-222191783-1610888516-101916340-1001\...\Run: [DelayShred] => c:\Program Files\mcafee\mqs\ShrCL.exe [128608 2013-07-31] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-06] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {8E80FD9C-2425-4BC8-9B01-3B4D199788BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {8E80FD9C-2425-4BC8-9B01-3B4D199788BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=2111&r=2014/05/11&hid=2653547373519301105&lg=EN&cc=AU&unqvl=52
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
SearchScopes: HKLM-x32 - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZJ^xpt242^YY^au&si=begin-download&ptb=96E1A98A-6CCB-4638-BA4F-31964A35D9E6&ind=2013042020&n=77fc9564&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=2111&r=2014/05/11&hid=2653547373519301105&lg=EN&cc=AU&unqvl=52
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10038&barid={09660C77-ACA8-11E2-BE75-B888E3BF4DE8}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M9C3B2C25-14EF-481F-9B29-D1F081307F91&SearchSource=58&CUI=&UM=6&UP=SPDFF47CFD-1BBD-43C0-86D8-A6E4A1E68020&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBC90FA65-EA85-4688-B0F0-3547BB029065&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M9C3B2C25-14EF-481F-9B29-D1F081307F91&SearchSource=58&CUI=&UM=6&UP=SPDFF47CFD-1BBD-43C0-86D8-A6E4A1E68020&q={searchTerms}&SSPV=
SearchScopes: HKCU - {8E80FD9C-2425-4BC8-9B01-3B4D199788BA} URL =
SearchScopes: HKCU - {956BA372-35B8-4C67-87F8-817444F33873} URL = https://au.search.yahoo.com/search?fr=mcafee&type=A011AU662&p={SearchTerms}
BHO: greaotssavinGe -> {5580605B-4FF3-C6A5-8183-EFAA35D77428} -> C:\ProgramData\greaotssavinGe\u8.x64.dll No File
BHO: ExtraShoppEr -> {6BDAE042-6F8D-AB85-73D5-341767E214DD} -> C:\ProgramData\ExtraShoppEr\6T6.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\x64\ScriptHost.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\ScriptHost.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @news.net/npapi -> C:\Program Files\BreakingNews\npapi.dll (news.net)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-04]
FF HKCU\...\Firefox\Extensions: [freegames115@BestOffers] - C:\Users\Trisha\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers
FF Extension: Free Games 115 - C:\Users\Trisha\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers [2014-03-07]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Trisha\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Trisha\AppData\Roaming\BabSolution\CR\Delta.crx []
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-28] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-07-03] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-03] (Dritek System INC.)
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-05-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros)
S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Trisha\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-03] (Dritek System Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 20:57 - 2014-08-21 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-21 20:52 - 2014-08-21 20:56 - 00032617 _____ () C:\Users\Trisha\Downloads\Addition.txt
2014-08-21 20:51 - 2014-08-21 20:57 - 00025734 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-08-21 20:51 - 2014-08-21 20:56 - 00000000 ____D () C:\FRST
2014-08-21 20:50 - 2014-08-21 20:50 - 02101760 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-08-19 21:34 - 2014-08-19 21:35 - 00284824 _____ () C:\Windows\Minidump\081914-32890-01.dmp
2014-08-19 21:25 - 2014-08-19 21:25 - 00000000 ____D () C:\Users\Trisha\AppData\Local\SearchProtect
2014-08-19 21:25 - 2014-08-19 21:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-19 21:10 - 2014-08-19 21:10 - 00284824 _____ () C:\Windows\Minidump\081914-84562-01.dmp
2014-08-19 21:08 - 2014-08-19 21:08 - 00003576 ____N () C:\bootsqm.dat
2014-08-19 21:08 - 2014-08-19 21:08 - 00000000 __SHD () C:\found.000
2014-08-19 20:42 - 2014-08-19 20:42 - 00602112 _____ (OldTimer Tools) C:\Users\Trisha\Downloads\OTL.exe
2014-08-19 20:39 - 2014-08-19 20:39 - 00854417 _____ () C:\Users\Trisha\Downloads\SecurityCheck.exe
2014-08-19 20:31 - 2014-08-19 20:35 - 00000000 ____D () C:\Users\Trisha\Downloads\backups
2014-08-19 20:11 - 2014-08-19 20:11 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-17 19:59 - 2014-08-17 19:59 - 00003232 _____ () C:\Windows\System32\Tasks\{6689DAB4-D578-45C9-9F41-00402780A055}
2014-08-17 16:31 - 2014-08-17 16:31 - 00017179 _____ () C:\Users\Trisha\Documents\hijackthis.log
2014-08-17 16:26 - 2014-08-19 20:22 - 00016438 _____ () C:\Users\Trisha\Downloads\hijackthis.log
2014-08-17 16:24 - 2014-08-17 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Trisha\Downloads\HijackThis.exe
2014-08-17 16:07 - 2014-08-17 16:07 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-08-17 16:05 - 2014-08-17 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 14:21 - 2014-08-07 16:03 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 14:21 - 2014-08-07 12:39 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 14:11 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 14:10 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 14:10 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 14:10 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 14:09 - 2014-08-17 14:10 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 14:02 - 2014-08-17 14:05 - 00000000 ____D () C:\Users\Trisha\AppData\Local\LogMeInIgnition
2014-08-17 14:00 - 2014-08-02 09:45 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-17 14:00 - 2014-08-02 09:45 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 13:29 - 2014-07-16 08:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 13:26 - 2014-06-11 08:14 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 13:26 - 2014-06-11 08:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 13:08 - 2014-08-17 13:08 - 00003308 _____ () C:\Windows\System32\Tasks\4800
2014-08-17 13:08 - 2014-08-17 13:08 - 00003210 _____ () C:\Windows\System32\Tasks\0
2014-08-16 19:25 - 2014-07-24 21:39 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 19:25 - 2014-06-13 11:27 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 19:25 - 2014-06-13 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 19:24 - 2014-07-24 21:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 19:24 - 2014-07-24 21:40 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 19:24 - 2014-07-24 21:39 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 19:24 - 2014-07-24 20:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 19:24 - 2014-07-24 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 19:24 - 2014-07-24 19:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 19:24 - 2014-07-24 17:33 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-16 19:24 - 2014-06-20 09:05 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 19:24 - 2014-06-20 07:54 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 19:24 - 2014-06-06 03:00 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-16 19:23 - 2014-06-06 03:26 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 19:23 - 2014-06-06 02:59 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 19:23 - 2014-06-06 02:59 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 19:23 - 2014-06-06 02:58 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 19:23 - 2014-06-06 02:58 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-16 19:23 - 2014-06-05 22:42 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-16 19:23 - 2014-06-05 22:41 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 19:23 - 2014-06-05 22:41 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 19:23 - 2014-06-05 22:40 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 19:23 - 2014-06-05 22:40 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-16 19:23 - 2014-05-29 13:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-16 19:23 - 2014-05-08 11:04 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-09 00:02 - 2014-08-09 00:02 - 00149375 _____ () C:\Users\LIAM\Downloads\download (3).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download.htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (4).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (2).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (1).htm
2014-08-09 00:01 - 2014-08-09 00:01 - 00002325 _____ () C:\Users\LIAM\Desktop\Google Chrome (2).lnk
2014-08-07 20:47 - 2014-08-07 20:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-08-07 19:51 - 2014-08-07 19:52 - 00284712 _____ () C:\Windows\Minidump\080714-79828-01.dmp
2014-08-07 17:57 - 2014-08-07 17:57 - 04952969 _____ () C:\Users\LIAM\Downloads\world22.zip
2014-08-07 17:55 - 2014-08-07 17:55 - 18841588 _____ () C:\Users\LIAM\Downloads\FunLand 3.1.rar
2014-08-07 17:24 - 2014-08-07 17:24 - 00000000 ___HT () C:\Users\LIAM\Downloads\world2.zip~RFb7897d2.TMP
2014-08-07 17:22 - 2014-08-07 17:26 - 00000782 _____ () C:\Users\LIAM\Downloads\world2.zip
2014-08-07 17:22 - 2014-08-07 17:24 - 14372574 _____ () C:\Users\LIAM\Downloads\78a07148
2014-08-07 17:22 - 2014-08-07 17:22 - 00000000 ____D () C:\Users\LIAM\Downloads\world2
2014-08-05 11:57 - 2014-08-05 11:57 - 00284768 _____ () C:\Windows\Minidump\080514-38203-01.dmp
2014-08-05 11:24 - 2014-08-05 11:25 - 00284768 _____ () C:\Windows\Minidump\080514-76765-01.dmp
2014-08-05 10:34 - 2014-08-05 10:34 - 00284768 _____ () C:\Windows\Minidump\080514-47468-01.dmp
2014-08-05 10:24 - 2014-08-19 20:34 - 00000000 ____D () C:\ProgramData\ExtraShoppEr
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\IsolatedStorage
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\fastcleanpro
2014-07-29 19:33 - 2014-08-19 21:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-28 17:42 - 2014-07-28 17:42 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Sparta
2014-07-28 17:39 - 2014-07-28 17:39 - 00733096 _____ ( ) C:\Users\LIAM\Downloads\CR_Downloader_for_dolphin.exe
2014-07-28 15:59 - 2014-07-29 19:52 - 00006656 _____ () C:\Users\LIAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-28 15:58 - 2014-07-28 20:03 - 00000000 ____D () C:\Users\LIAM\Documents\ezvid
2014-07-28 15:58 - 2014-07-28 15:58 - 00000000 ____D () C:\Users\LIAM\AppData\Local\ezvid,_inc
2014-07-28 15:57 - 2014-08-16 17:56 - 00000000 ____D () C:\Users\Trisha\Documents\ezvid
2014-07-28 15:51 - 2014-07-28 15:51 - 01168896 _____ (Ezvid, inc. ) C:\Users\LIAM\Downloads\ezvid0982d.exe
2014-07-27 21:02 - 2014-07-27 21:02 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 14:33 - 2014-07-24 14:33 - 00011336 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnrk.sys
2014-07-24 14:32 - 2014-07-24 14:32 - 00096592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencrk.sys
2014-07-24 14:31 - 2014-07-24 14:31 - 00444720 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencbdc.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 20:57 - 2014-08-21 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-21 20:57 - 2014-08-21 20:51 - 00025734 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-08-21 20:56 - 2014-08-21 20:52 - 00032617 _____ () C:\Users\Trisha\Downloads\Addition.txt
2014-08-21 20:56 - 2014-08-21 20:51 - 00000000 ____D () C:\FRST
2014-08-21 20:53 - 2013-03-28 08:32 - 01825531 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 20:50 - 2014-08-21 20:50 - 02101760 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-08-21 20:48 - 2013-09-23 21:20 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Skype
2014-08-21 20:48 - 2013-03-28 08:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-222191783-1610888516-101916340-1001
2014-08-21 20:44 - 2014-04-22 16:52 - 00000400 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-08-21 20:44 - 2014-04-22 16:52 - 00000400 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-08-21 20:44 - 2014-02-05 18:53 - 00000408 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-08-21 20:44 - 2014-02-05 18:53 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-08-21 20:44 - 2013-09-08 18:47 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 20:44 - 2013-04-22 23:09 - 00000404 _____ () C:\Windows\Tasks\SmartPCFix Task.job
2014-08-21 20:43 - 2014-04-06 23:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-21 20:43 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\system32\sru
2014-08-19 21:42 - 2014-04-06 23:47 - 00000968 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-08-19 21:42 - 2014-04-06 23:47 - 00000952 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-19 21:41 - 2012-07-26 16:52 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 21:40 - 2014-05-03 11:24 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\BitTorrent
2014-08-19 21:35 - 2014-08-19 21:34 - 00284824 _____ () C:\Windows\Minidump\081914-32890-01.dmp
2014-08-19 21:34 - 2014-04-14 20:28 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 21:34 - 2014-04-14 20:27 - 520656228 _____ () C:\Windows\MEMORY.DMP
2014-08-19 21:25 - 2014-08-19 21:25 - 00000000 ____D () C:\Users\Trisha\AppData\Local\SearchProtect
2014-08-19 21:25 - 2014-08-19 21:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-19 21:25 - 2014-05-03 11:24 - 00000838 _____ () C:\Users\Trisha\Desktop\BitTorrent.lnk
2014-08-19 21:25 - 2014-05-03 11:24 - 00000818 _____ () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-08-19 21:24 - 2014-05-03 11:23 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\BitTorrent
2014-08-19 21:12 - 2013-12-24 14:25 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job
2014-08-19 21:10 - 2014-08-19 21:10 - 00284824 _____ () C:\Windows\Minidump\081914-84562-01.dmp
2014-08-19 21:10 - 2014-07-29 19:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 21:10 - 2012-08-04 16:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-19 21:09 - 2012-09-03 21:42 - 00000000 ____D () C:\ProgramData\Norton
2014-08-19 21:09 - 2012-08-04 16:41 - 00178098 _____ () C:\Windows\PFRO.log
2014-08-19 21:08 - 2014-08-19 21:08 - 00003576 ____N () C:\bootsqm.dat
2014-08-19 21:08 - 2014-08-19 21:08 - 00000000 __SHD () C:\found.000
2014-08-19 20:42 - 2014-08-19 20:42 - 00602112 _____ (OldTimer Tools) C:\Users\Trisha\Downloads\OTL.exe
2014-08-19 20:39 - 2014-08-19 20:39 - 00854417 _____ () C:\Users\Trisha\Downloads\SecurityCheck.exe
2014-08-19 20:35 - 2014-08-19 20:31 - 00000000 ____D () C:\Users\Trisha\Downloads\backups
2014-08-19 20:34 - 2014-08-05 10:24 - 00000000 ____D () C:\ProgramData\ExtraShoppEr
2014-08-19 20:34 - 2014-04-10 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 20:34 - 2014-04-08 10:40 - 00000000 ____D () C:\ProgramData\greaotssavinGe
2014-08-19 20:27 - 2013-09-08 14:22 - 00000950 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job
2014-08-19 20:25 - 2012-07-26 17:29 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-19 20:22 - 2014-08-17 16:26 - 00016438 _____ () C:\Users\Trisha\Downloads\hijackthis.log
2014-08-19 20:21 - 2013-08-19 22:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 20:21 - 2013-04-03 20:30 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-19 20:11 - 2014-08-19 20:11 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-19 20:11 - 2013-07-04 11:18 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\HpUpdate
2014-08-19 20:11 - 2013-07-04 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-19 20:11 - 2013-07-04 11:14 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-19 20:08 - 2013-09-08 18:47 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 20:06 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-19 20:03 - 2012-07-26 14:56 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-17 20:56 - 2012-07-26 14:56 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-08-17 20:54 - 2014-03-08 21:11 - 00000000 ____D () C:\temp
2014-08-17 20:54 - 2013-02-11 18:05 - 00000000 ____D () C:\tmp
2014-08-17 20:52 - 2013-08-21 17:39 - 00000000 ____D () C:\YOUTUBE
2014-08-17 20:23 - 2013-04-11 18:57 - 00000000 ____D () C:\Users\Trisha\AppData\Local\clear.fi
2014-08-17 20:22 - 2012-08-04 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-08-17 20:22 - 2012-08-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-08-17 20:20 - 2013-03-28 08:30 - 00000000 ____D () C:\Users\Trisha
2014-08-17 20:19 - 2012-11-03 14:41 - 00000000 __RHD () C:\MSOCache
2014-08-17 20:09 - 2012-07-26 16:58 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 20:02 - 2013-06-20 20:23 - 00000000 ____D () C:\Program Files\FFsplit
2014-08-17 20:01 - 2013-09-06 17:12 - 00000000 ____D () C:\Users\LIAM\AppData\Local\Ubisoft Game Launcher
2014-08-17 20:01 - 2012-08-04 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-17 19:59 - 2014-08-17 19:59 - 00003232 _____ () C:\Windows\System32\Tasks\{6689DAB4-D578-45C9-9F41-00402780A055}
2014-08-17 19:59 - 2013-04-24 15:58 - 00000000 ____D () C:\Users\Trisha\AppData\Local\WebPlayer
2014-08-17 16:31 - 2014-08-17 16:31 - 00017179 _____ () C:\Users\Trisha\Documents\hijackthis.log
2014-08-17 16:24 - 2014-08-17 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Trisha\Downloads\HijackThis.exe
2014-08-17 16:14 - 2012-08-04 16:49 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-08-17 16:09 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:07 - 2014-08-17 16:07 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-08-17 16:06 - 2013-04-20 18:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\CrashDumps
2014-08-17 16:05 - 2014-08-17 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 14:56 - 2013-04-22 23:19 - 00000258 __RSH () C:\Users\Trisha\ntuser.pol
2014-08-17 14:55 - 2014-07-03 20:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-17 14:27 - 2013-09-08 14:22 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core.job
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 14:10 - 2014-08-17 14:09 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 14:10 - 2013-06-02 15:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 14:05 - 2014-08-17 14:02 - 00000000 ____D () C:\Users\Trisha\AppData\Local\LogMeInIgnition
2014-08-17 13:58 - 2014-06-25 21:17 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-17 13:58 - 2014-06-19 09:33 - 00000000 ____D () C:\ProgramData\RoyalShoppeerAPp
2014-08-17 13:46 - 2012-07-26 17:42 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 13:44 - 2013-05-12 13:44 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-08-17 13:43 - 2013-05-01 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 13:08 - 2014-08-17 13:08 - 00003308 _____ () C:\Windows\System32\Tasks\4800
2014-08-17 13:08 - 2014-08-17 13:08 - 00003210 _____ () C:\Windows\System32\Tasks\0
2014-08-17 07:06 - 2013-04-29 18:26 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Nico Mak Computing
2014-08-17 07:06 - 2013-04-29 18:25 - 00000000 ____D () C:\Program Files (x86)\WinZip Registry Optimizer
2014-08-17 07:02 - 2012-11-03 14:28 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Packages
2014-08-16 20:19 - 2013-04-22 23:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-08-16 19:59 - 2013-09-23 19:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-16 19:28 - 2013-06-02 15:21 - 00000000 ____D () C:\Firefox
2014-08-16 19:17 - 2014-04-13 18:32 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\systweak
2014-08-16 19:07 - 2014-04-13 18:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-16 18:59 - 2013-07-31 19:35 - 00000000 ____D () C:\Users\LIAM\AppData\Local\CrashDumps
2014-08-16 18:03 - 2014-04-02 16:04 - 00000000 ____D () C:\ProgramData\bd5a9d45a4cbc814
2014-08-16 17:59 - 2013-05-12 13:45 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\PerformerSoft
2014-08-16 17:56 - 2014-07-28 15:57 - 00000000 ____D () C:\Users\Trisha\Documents\ezvid
2014-08-16 17:49 - 2014-06-25 21:04 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-08-16 17:49 - 2014-03-08 21:12 - 311902043 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-08-16 17:45 - 2014-04-10 18:10 - 00000000 ____D () C:\Users\LIAM\AppData\Local\Pokki
2014-08-12 20:53 - 2013-08-06 20:18 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\.minecraft
2014-08-12 19:40 - 2014-04-21 17:10 - 00001350 _____ () C:\Users\LIAM\Desktop\Clean Registry for Free!.lnk
2014-08-09 14:52 - 2013-09-23 19:44 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\Skype
2014-08-09 00:06 - 2013-08-08 20:28 - 00000467 _____ () C:\Users\LIAM\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-08-09 00:02 - 2014-08-09 00:02 - 00149375 _____ () C:\Users\LIAM\Downloads\download (3).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download.htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (4).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (2).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (1).htm
2014-08-09 00:01 - 2014-08-09 00:01 - 00002325 _____ () C:\Users\LIAM\Desktop\Google Chrome (2).lnk
2014-08-07 20:50 - 2013-07-31 18:47 - 00000258 __RSH () C:\Users\LIAM\ntuser.pol
2014-08-07 20:50 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\LIAM
2014-08-07 20:50 - 2013-06-02 15:11 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\.minecraft
2014-08-07 20:47 - 2014-08-07 20:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-08-07 19:55 - 2013-09-23 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-07 19:52 - 2014-08-07 19:51 - 00284712 _____ () C:\Windows\Minidump\080714-79828-01.dmp
2014-08-07 17:57 - 2014-08-07 17:57 - 04952969 _____ () C:\Users\LIAM\Downloads\world22.zip
2014-08-07 17:55 - 2014-08-07 17:55 - 18841588 _____ () C:\Users\LIAM\Downloads\FunLand 3.1.rar
2014-08-07 17:26 - 2014-08-07 17:22 - 00000782 _____ () C:\Users\LIAM\Downloads\world2.zip
2014-08-07 17:24 - 2014-08-07 17:24 - 00000000 ___HT () C:\Users\LIAM\Downloads\world2.zip~RFb7897d2.TMP
2014-08-07 17:24 - 2014-08-07 17:22 - 14372574 _____ () C:\Users\LIAM\Downloads\78a07148
2014-08-07 17:24 - 2013-08-06 20:20 - 00000000 ____D () C:\Users\LIAM\Desktop\saves
2014-08-07 17:22 - 2014-08-07 17:22 - 00000000 ____D () C:\Users\LIAM\Downloads\world2
2014-08-07 16:50 - 2012-07-26 16:51 - 00043164 _____ () C:\Windows\setupact.log
2014-08-07 16:03 - 2014-08-17 14:21 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 12:39 - 2014-08-17 14:21 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:57 - 2014-08-05 11:57 - 00284768 _____ () C:\Windows\Minidump\080514-38203-01.dmp
2014-08-05 11:28 - 2013-05-01 19:22 - 00000470 _____ () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-08-05 11:25 - 2014-08-05 11:24 - 00284768 _____ () C:\Windows\Minidump\080514-76765-01.dmp
2014-08-05 10:34 - 2014-08-05 10:34 - 00284768 _____ () C:\Windows\Minidump\080514-47468-01.dmp
2014-08-02 09:45 - 2014-08-17 14:00 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 09:45 - 2014-08-17 14:00 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 20:17 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-29 19:52 - 2014-07-28 15:59 - 00006656 _____ () C:\Users\LIAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\IsolatedStorage
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\fastcleanpro
2014-07-29 19:33 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\WinStore
2014-07-29 19:31 - 2013-05-14 15:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 19:31 - 2013-05-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 20:03 - 2014-07-28 15:58 - 00000000 ____D () C:\Users\LIAM\Documents\ezvid
2014-07-28 18:43 - 2013-05-14 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 18:34 - 2013-07-31 18:55 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-222191783-1610888516-101916340-1007
2014-07-28 17:59 - 2012-07-26 17:42 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-28 17:45 - 2014-04-08 10:38 - 00000000 ____D () C:\Users\Trisha\AppData\Local\fastcleanpro
2014-07-28 17:45 - 2013-05-12 16:26 - 00075056 _____ () C:\Windows\DirectX.log
2014-07-28 17:42 - 2014-07-28 17:42 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Sparta
2014-07-28 17:39 - 2014-07-28 17:39 - 00733096 _____ ( ) C:\Users\LIAM\Downloads\CR_Downloader_for_dolphin.exe
2014-07-28 15:58 - 2014-07-28 15:58 - 00000000 ____D () C:\Users\LIAM\AppData\Local\ezvid,_inc
2014-07-28 15:51 - 2014-07-28 15:51 - 01168896 _____ (Ezvid, inc. ) C:\Users\LIAM\Downloads\ezvid0982d.exe
2014-07-28 15:42 - 2014-04-06 23:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-28 15:41 - 2014-04-06 23:47 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-28 15:41 - 2014-04-06 23:47 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-28 15:41 - 2014-04-06 23:47 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-27 21:02 - 2014-07-27 21:02 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 18:20 - 2012-07-26 17:42 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 18:19 - 2012-07-26 17:22 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-25 12:55 - 2014-08-17 14:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-17 14:11 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-17 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-17 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 21:41 - 2014-08-16 19:24 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 21:40 - 2014-08-16 19:24 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 21:40 - 2014-08-16 19:24 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 21:40 - 2014-08-16 19:24 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 21:40 - 2014-08-16 19:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 21:39 - 2014-08-16 19:25 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 21:39 - 2014-08-16 19:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 21:39 - 2014-08-16 19:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 20:22 - 2014-08-16 19:24 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 20:22 - 2014-08-16 19:24 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 20:22 - 2014-08-16 19:24 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 20:21 - 2014-08-16 19:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 20:21 - 2014-08-16 19:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 20:03 - 2014-08-16 19:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 19:59 - 2014-08-16 19:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 17:33 - 2014-08-16 19:24 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-24 14:33 - 2014-07-24 14:33 - 00011336 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnrk.sys
2014-07-24 14:32 - 2014-07-24 14:32 - 00096592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencrk.sys
2014-07-24 14:31 - 2014-07-24 14:31 - 00444720 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencbdc.sys

Some content of TEMP:
====================
C:\Users\LIAM\AppData\Local\Temp\1_flashplayer.exe
C:\Users\LIAM\AppData\Local\Temp\burnsetup.exe
C:\Users\LIAM\AppData\Local\Temp\COMAP.EXE
C:\Users\LIAM\AppData\Local\Temp\ffmpeg15.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_goldeneye-007.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-yellow.exe
C:\Users\LIAM\AppData\Local\Temp\prismsetup.exe
C:\Users\LIAM\AppData\Local\Temp\SPSetup.exe
C:\Users\LIAM\AppData\Local\Temp\ubi82CA.tmp.exe
C:\Users\LIAM\AppData\Local\Temp\vpsetup.exe
C:\Users\LIAM\AppData\Local\Temp\zipsetup.exe
C:\Users\Trisha\AppData\Local\Temp\nst434D.exe
C:\Users\Trisha\AppData\Local\Temp\nst827B.exe
C:\Users\Trisha\AppData\Local\Temp\uttE627.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-12 19:56

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Trisha at 2014-08-21 20:57:26
Running from C:\Users\Trisha\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
1310 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apowersoft Screen Recorder Pro V1.1.7 (HKLM-x32\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.1.7 - Apowersoft)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
BreakingNews (HKLM-x32\...\BreakingNews) (Version: 1.0.12 - NewsNet)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
BurnAware Free 5.2 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Sony Online Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Desktop Screen Record 5 (HKLM-x32\...\Desktop Screen Record 5_is1) (Version: 1.5 - recordscreen.com)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VIO Player version 1.2 (HKLM-x32\...\{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1) (Version: 1.2 - VIO Player)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

13-07-2014 11:49:32 Windows Update
28-07-2014 08:13:42 Installed DirectX
16-08-2014 08:24:08 Removed FastCleanPro.
17-08-2014 10:30:30 Removed Far Cry 3
19-08-2014 10:37:20 Removed Norton Online Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 14:56 - 2012-07-26 14:56 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E3E772C-0373-49E6-AFAF-4F7980283206} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core => C:\Users\LIAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {11B5963D-196C-4718-A6E9-D99ED5B9F71A} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {14752EDF-0738-4FF3-AA91-24A5A5D82018} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {1911B2AF-7E69-4CC4-8D53-C274EB58C5B4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA => C:\Users\LIAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E721084-9FA6-454F-806E-4D06C05032A1} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1E90B794-A756-4C8E-BF73-9FAB804EEE33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core1cf3121c4971cb2 => C:\Users\LIAM\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {22BCAB30-6A43-4928-BE7F-8630A97ADE1C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {33768332-9988-4237-A684-12F9FD68023C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {36649C0F-1CAF-49FC-B7DA-05DDF63FC7E3} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {3FED45F6-9FF8-4EA1-A824-5FC324B53F95} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4420F355-BB53-459F-BEBE-231253017557} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {4767952C-650B-4FBE-80C5-CDAD3E251108} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {498CBC12-F944-4FB1-B512-38F4146EBA2F} - System32\Tasks\0 => Iexplore.exe
Task: {4A376EA0-31FD-434B-9EA4-0FF8A0122645} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {556F9939-AC98-4BA6-A851-4505532C7FDB} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {57B0D6E7-BEEA-4CD0-BF1B-B02336ABEAF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA => C:\Users\LIAM\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {7B7D4E7E-47B5-466C-A5AF-EFDDEE93CC0F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {82806265-CF37-4736-98F6-28AC0A294712} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {83E0E7CC-7141-4A2A-9C8C-CC7B92618B38} - System32\Tasks\4800 => Wscript.exe C:\Users\Trisha\AppData\Local\Temp\launchie.vbs //B
Task: {863283CD-A4E1-485E-92AA-4CA6872C36BD} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-05-29] (Search Results, LLC)
Task: {87841E72-5650-4092-8183-07D891B4D552} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {87DEE663-CE88-4611-874D-4E85058FC0C2} - System32\Tasks\DealPly => C:\Users\Trisha\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8E75C68D-2E69-4A4B-9FF8-5195DF634CDD} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {A2A975FE-69E0-4713-B0B4-6CCB6D71BBA3} - System32\Tasks\NCH Software\DebutDowngrade => C:\Users\LIAM\AppData\Roaming\NCH Software\Program Files\Debut\debut.exe [2013-06-04] (NCH Software)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B11AF69E-226E-46F3-8C33-7DA5E0CA057F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {B1E9E653-8704-4821-8F6D-10C02ABFC566} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {BC0D7503-926C-407B-B9DB-8975687D5F74} - System32\Tasks\pricemeterdownloader => C:\Users\Trisha\AppData\Local\PriceMeter\pricemeterd.exe [2014-07-03] (PriceMeter)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CA2222E0-177D-4388-93FA-A438122ABE2B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {D3F8ADF0-AB60-40D4-9167-5171F9047D6E} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D8DEA228-2D8B-4314-8D2F-B6C0B19516CC} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {DE979A12-728D-4D52-B2A0-B3037B79C167} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {DFA1C557-9B92-47A3-8C13-E77DCB7C1AB8} - System32\Tasks\DTReg => C:\Users\Trisha\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EC1041D4-20F3-412C-BCC7-2813D4FF3E60} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {F9C225BB-61CD-40B3-95EC-CEB6A772397E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-05] (CyberLink)
Task: {FA55795A-09B2-4738-8621-33EFDF5151DA} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core.job => C:\Users\LIAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job => C:\Users\LIAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core1cf3121c4971cb2.job => C:\Users\LIAM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job => C:\Users\LIAM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: C:\Windows\Tasks\WebReg HP PSC 1310 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2014-01-28 06:15 - 2014-01-28 06:15 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2014-07-03 20:52 - 2014-07-03 20:52 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
2014-05-11 14:53 - 2014-05-11 14:53 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2012-08-09 18:42 - 2012-08-09 01:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 08:34 - 2012-07-31 08:34 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-09-03 21:21 - 2012-06-26 03:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-06-22 10:42 - 2012-06-22 10:42 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "GoforFilesInstaller Starter"
HKCU\...\StartupApproved\Run: => "PC_GIZMOS"
HKCU\...\StartupApproved\Run: => "Online Weather"
HKCU\...\StartupApproved\Run: => "Yontoo Desktop"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 08:56:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.8.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b60

Start Time: 01cfbd31fc03a453

Termination Time: 4294967295

Application Path: C:\Users\Trisha\Downloads\FRST64.exe

Report Id: f0e59c7a-2925-11e4-8076-b888e3bf4de8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/21/2014 08:47:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17054 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad4

Start Time: 01cfbd31630ca074

Termination Time: 13

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: b0a24b2b-2924-11e4-8076-b888e3bf4de8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/21/2014 08:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17054 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 149c

Start Time: 01cfbd31354780c0

Termination Time: 14

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 9a06fcac-2924-11e4-8076-b888e3bf4de8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/19/2014 09:22:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (08/17/2014 04:34:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.17054 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9b0

Start Time: 01cfb9e91dda4234

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 686be2fc-25dc-11e4-8072-b888e3bf4de8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/17/2014 04:06:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PropertySync.exe, version: 0.8.10.8, time stamp: 0x5098d97e
Faulting module name: PropertySync.exe, version: 0.8.10.8, time stamp: 0x5098d97e
Exception code: 0xc0000005
Fault offset: 0x000000000001a168
Faulting process id: 0x24c
Faulting application start time: 0xPropertySync.exe0
Faulting application path: PropertySync.exe1
Faulting module path: PropertySync.exe2
Report Id: PropertySync.exe3
Faulting package full name: PropertySync.exe4
Faulting package-relative application ID: PropertySync.exe5

Error: (08/17/2014 04:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: mcctxmnu.dll_unloaded, version: 0.0.0.0, time stamp: 0x51fc2499
Exception code: 0xc0000005
Fault offset: 0x000007fe4b231270
Faulting process id: 0x10c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

System errors:
=============
Error: (08/21/2014 08:46:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/21/2014 08:46:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (08/19/2014 09:42:25 PM) (Source: DCOM) (EventID: 10016) (User: TRISHALAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}trishalaptopTrishaS-1-5-21-222191783-1610888516-101916340-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/19/2014 09:42:24 PM) (Source: DCOM) (EventID: 10016) (User: TRISHALAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}trishalaptopTrishaS-1-5-21-222191783-1610888516-101916340-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/19/2014 09:41:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yontoo Desktop Updater service failed to start due to the following error:
%%2

Error: (08/19/2014 09:40:13 PM) (Source: DCOM) (EventID: 10010) (User: TRISHALAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/19/2014 09:39:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (08/19/2014 09:35:03 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa8009197b60, 0x000000c95a48c721)C:\Windows\MEMORY.DMP081914-32890-01

Error: (08/19/2014 09:35:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yontoo Desktop Updater service failed to start due to the following error:
%%2

Error: (08/19/2014 09:34:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:10:22 PM on 8/19/2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (08/21/2014 08:56:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe17.8.2014.0b6001cfbd31fc03a4534294967295C:\Users\Trisha\Downloads\FRST64.exef0e59c7a-2925-11e4-8076-b888e3bf4de8

Error: (08/21/2014 08:47:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17054ad401cfbd31630ca07413C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb0a24b2b-2924-11e4-8076-b888e3bf4de8

Error: (08/21/2014 08:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17054149c01cfbd31354780c014C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE9a06fcac-2924-11e4-8076-b888e3bf4de8

Error: (08/19/2014 09:22:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\WinZip\adxloader.dll.Manifestc:\program files (x86)\WinZip\adxloader.dll.Manifest2

Error: (08/17/2014 04:34:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.170549b001cfb9e91dda42340C:\Program Files\Internet Explorer\iexplore.exe686be2fc-25dc-11e4-8072-b888e3bf4de8

Error: (08/17/2014 04:06:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PropertySync.exe0.8.10.85098d97ePropertySync.exe0.8.10.85098d97ec0000005000000000001a16824c01cfb9e575af9db8C:\Program Files\BreakingNews\x64\PropertySync.exeC:\Program Files\BreakingNews\x64\PropertySync.exed6f134d5-25d8-11e4-8072-b888e3bf4de8

Error: (08/17/2014 04:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434mcctxmnu.dll_unloaded0.0.0.051fc2499c0000005000007fe4b23127010c01cfb9d417444e8bC:\Windows\Explorer.EXEmcctxmnu.dlla6f7d745-25d8-11e4-8072-b888e3bf4de8

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/17/2014 02:29:34 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3911.27 MB
Available physical RAM: 2131.23 MB
Total Pagefile: 7879.27 MB
Available Pagefile: 6070.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:292.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 02FFA569)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 Jo*

Posted 21 August 2014 - 06:47 AM

Hello realarce,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Jo*

Posted 24 August 2014 - 08:45 AM

Still need help?




#9 realarce

Posted 25 August 2014 - 06:38 AM

Sorry Jo, just trying to get a backup to save, keeps tripping out



#10 realarce

Posted 27 August 2014 - 07:02 AM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17054

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4101263360, free: 2195066880

Downloaded database version: v2014.08.27.02
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
------------ Kernel report ------------
     08/27/2014 20:44:18
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008549740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000050\
Lower Device Object: 0xfffffa8008546460
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800764d740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000035\
Lower Device Object: 0xfffffa80041b1060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800764d740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800764d1f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800764d740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80041b1060, DeviceName: \Device\00000035\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 2FFA569

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2673463363
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 7fd019cc-fe91-43c6-95a4-489c100b4d2
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2673463363
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 7fd019cc-fe91-43c6-95a4-489c100b4d2
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 27b3c3c0-932f-4c46-b83e-be6eebd1ff50
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID aeceb025-cbe5-400a-a64a-5a20f873bd3
    FirstLBA 821248  Last LBA 1435647
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3671b590-ea86-4d1b-8452-83f23ed7e2a
    FirstLBA 1435648  Last LBA 1697791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b6787df4-f5b1-4b93-9e38-efc895d6bcd0
    FirstLBA 1697792  Last LBA 937428991
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9d1d9742-1556-47f8-b941-bd8ff6f7e7bd
    FirstLBA 937428992  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008549740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800854ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008549740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008546460, DeviceName: \Device\00000050\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27651800

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1044162
    Partition file system is FAT32
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1044225  Numsec = 975723840

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107861504 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files\003\nuttkoqiez64.exe --> [Adware.Adpeak]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nuttkoqiez64 --> [Adware.Adpeak]
Infected: C:\Program Files\003\nuttkoqiez64.exe --> [Adware.Adpeak]
File C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys will be destroyed
Infected: C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys --> [PUP.Optional.Sanbreel.A]
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BITA688.tmp --> [Rogue.Multiple]



#11 realarce

Posted 27 August 2014 - 07:10 AM

# AdwCleaner v3.308 - Report created 27/08/2014 at 21:34:38
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Trisha - TRISHALAPTOP
# Running from : C:\Users\Trisha\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginServices
Service Found : Level Quality Watcher
Service Found : nuttkoqiez64
Service Found : rqpbhevlkc64
Service Found : Yontoo Desktop Updater
Service Found : nuttkoqiez64
Service Found : rqpbhevlkc64
Service Found : {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Found : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Found : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\LIAM\daemonprocess.txt
File Found : C:\Users\Trisha\AppData\Local\AnyProtectScannerSetup.exe
File Found : C:\Users\Trisha\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Trisha\daemonprocess.txt
File Found : C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DealPly
Folder Found : C:\Program Files (x86)\FindLyrics
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found : C:\Program Files (x86)\Zwinky_5qEI
Folder Found : C:\Program Files\003
Folder Found : C:\Program Files\003
Folder Found : C:\Program Files\004
Folder Found : C:\Program Files\004
Folder Found : C:\Program Files\BreakingNews
Folder Found : C:\Program Files\coupon downloader
Folder Found : C:\Program Files\Level Quality Watcher
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\ExtraShoppEr
Folder Found : C:\ProgramData\greaotssavinGe
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\ItsReadyApp
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Registry Helper
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Folder Found : C:\Users\LIAM\AppData\Local\Pokki
Folder Found : C:\Users\LIAM\AppData\Local\Software
Folder Found : C:\Users\LIAM\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\LIAM\AppData\LocalLow\buenosearch LTD
Folder Found : C:\Users\LIAM\AppData\LocalLow\SweetIM
Folder Found : C:\Users\LIAM\AppData\LocalLow\Torntv V9.0
Folder Found : C:\Users\LIAM\AppData\Roaming\NCH Software
Folder Found : C:\Users\LIAM\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\LIAM\AppData\Roaming\Systweak
Folder Found : C:\Users\Public\Util
Folder Found : C:\Users\Trisha\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\Trisha\AppData\Local\Conduit
Folder Found : C:\Users\Trisha\AppData\Local\coupon caddy
Folder Found : C:\Users\Trisha\AppData\Local\globalUpdate
Folder Found : C:\Users\Trisha\AppData\Local\iac
Folder Found : C:\Users\Trisha\AppData\Local\Mobogenie
Folder Found : C:\Users\Trisha\AppData\Local\PriceMeter
Folder Found : C:\Users\Trisha\AppData\Local\Software
Folder Found : C:\Users\Trisha\AppData\Local\webplayer
Folder Found : C:\Users\Trisha\AppData\LocalLow\Conduit
Folder Found : C:\Users\Trisha\AppData\LocalLow\Delta
Folder Found : C:\Users\Trisha\AppData\LocalLow\iac
Folder Found : C:\Users\Trisha\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Trisha\AppData\LocalLow\Zwinky_5qEI
Folder Found : C:\Users\Trisha\AppData\Roaming\Babylon
Folder Found : C:\Users\Trisha\AppData\Roaming\DealPly
Folder Found : C:\Users\Trisha\AppData\Roaming\goforfiles
Folder Found : C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakingNews
Folder Found : C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Helper
Folder Found : C:\Users\Trisha\AppData\Roaming\NCdownloader
Folder Found : C:\Users\Trisha\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Trisha\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Trisha\AppData\Roaming\Systweak
Folder Found : C:\Users\Trisha\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Trisha\Documents\Optimizer Pro
Folder Found : C:\Users\Trisha\Documents\PC Cleaner
Folder Found : C:\Windows\SysWOW64\ARFC
Folder Found : C:\Windows\SysWOW64\jmdp
Folder Found : C:\Windows\SysWOW64\WNLT

***** [ Scheduled Tasks ] *****

Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : Dealply
Task Found : DealPlyUpdate
Task Found : DTChk
Task Found : DTReg
Task Found : GoforFilesUpdate
Task Found : LaunchApp
Task Found : Optimizer Pro Schedule
Task Found : pricemeterdownloader
Task Found : YourFile DownloaderUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\8538ad9b33ebf43
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\LyricsFan
Key Found : HKCU\Software\AppDataLow\Software\lyricsplus
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Savings Bull
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\suprasavings
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\PriceMeter
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\UpdateStar
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\WNLT
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\DealPly
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\PriceMeter
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SupHpUISoft
Key Found : [x64] HKCU\Software\SweetIM
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\UpdateStar
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\WNLT
Key Found : [x64] HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\8538ad9b33ebf43
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\DealPly
Key Found : HKLM\SOFTWARE\DealPlyLive
Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Found : HKLM\SOFTWARE\Registry Helper
Key Found : HKLM\SOFTWARE\SavingsBullFilter
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\sweet-pageSoftware
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SOFTWARE\Zwinky_5qEI
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\coupon downloader
Key Found : [x64] HKLM\SOFTWARE\CouponDownloader
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : [x64] HKLM\SOFTWARE\suprasavings
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1408767377&from=cor&uid=ST9500325AS_S2WN0GZVXXXXS2WN0GZV&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1408767377&from=cor&uid=ST9500325AS_S2WN0GZVXXXXS2WN0GZV&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AU&userid=b653ee98-84c4-4b87-a135-9bbd08e48400&searchtype=ds&q={searchTerms}&installDate=07/04/2013
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1408767377&from=cor&uid=ST9500325AS_S2WN0GZVXXXXS2WN0GZV&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1408767377&from=cor&uid=ST9500325AS_S2WN0GZVXXXXS2WN0GZV&q={searchTerms}

-\\ Google Chrome v

[ File : C:\Users\LIAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : acfoobbgoakpihljnfedbcfaipcdlfhk
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

[ File : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : fgboogeaaklojbicocbcepgdjjfbmgli
Found [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [26257 octets] - [27/08/2014 21:34:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26318 octets] ##########



#12 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 27 August 2014 - 07:27 AM

Hello,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 realarce

realarce
  • Topic Starter

  • Members
  • 10 posts

Posted 28 August 2014 - 06:26 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Trisha on Thu 28/08/2014 at 20:47:07.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-222191783-1610888516-101916340-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\boostsoftware
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271149}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271149}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Trisha\appdata\locallow\gamingwonderlandei"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamingwonderlandei"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 28/08/2014 at 20:54:02.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 realarce

realarce
  • Topic Starter

  • Members
  • 10 posts

Posted 28 August 2014 - 06:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Trisha (administrator) on TRISHALAPTOP on 28-08-2014 20:57:04
Running from C:\Users\Trisha\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-222191783-1610888516-101916340-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-222191783-1610888516-101916340-1001\...\Run: [DelayShred] => c:\Program Files\mcafee\mqs\ShrCL.exe [128608 2013-07-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {8E80FD9C-2425-4BC8-9B01-3B4D199788BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBC90FA65-EA85-4688-B0F0-3547BB029065&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {8E80FD9C-2425-4BC8-9B01-3B4D199788BA} URL =
SearchScopes: HKCU - {956BA372-35B8-4C67-87F8-817444F33873} URL = https://au.search.yahoo.com/search?fr=mcafee&type=A011AU662&p={SearchTerms}
BHO: greaotssavinGe -> {5580605B-4FF3-C6A5-8183-EFAA35D77428} -> C:\ProgramData\greaotssavinGe\u8.x64.dll No File
BHO: ExtraShoppEr -> {6BDAE042-6F8D-AB85-73D5-341767E214DD} -> C:\ProgramData\ExtraShoppEr\6T6.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\x64\ScriptHost.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\ScriptHost.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @news.net/npapi -> C:\Program Files\BreakingNews\npapi.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-04]
FF HKCU\...\Firefox\Extensions: [freegames115@BestOffers] - C:\Users\Trisha\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers
FF Extension: Free Games 115 - C:\Users\Trisha\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers [2014-03-07]

Chrome:
=======
CHR Profile: C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-03] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-03] (Dritek System Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 20:56 - 2014-08-28 20:56 - 00000000 ____D () C:\Users\Trisha\Downloads\FRST-OlderVersion
2014-08-28 20:54 - 2014-08-28 20:54 - 00001766 _____ () C:\Users\Trisha\Desktop\JRT.txt
2014-08-28 20:47 - 2014-08-28 20:47 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 20:45 - 2014-08-28 20:46 - 01016261 _____ (Thisisu) C:\Users\Trisha\Downloads\JRT.exe
2014-08-28 20:02 - 2014-08-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-27 21:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-27 21:34 - 2014-08-28 07:38 - 00000000 ____D () C:\AdwCleaner
2014-08-27 20:47 - 2014-08-27 20:47 - 00000327 _____ () C:\Users\Trisha\Desktop\HP Printer Diagnostic Tools.url
2014-08-27 20:44 - 2014-08-28 07:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-27 20:44 - 2014-08-27 20:44 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 20:44 - 2014-08-27 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 20:43 - 2014-08-28 07:28 - 00000000 ____D () C:\Users\Trisha\Desktop\mbar
2014-08-27 20:43 - 2014-08-27 20:43 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 02:41 - 2014-08-26 02:41 - 00000000 ____D () C:\Program Files\revision
2014-08-25 20:00 - 2014-08-25 21:25 - 00000000 ____D () C:\Program Files (x86)\revision
2014-08-25 19:43 - 2014-08-25 19:43 - 00000000 ____D () C:\Users\Trisha\Documents\revision
2014-08-25 02:44 - 2014-08-25 02:44 - 00000000 ___HD () C:\Windows\.BackupManager
2014-08-25 02:42 - 2014-08-25 02:42 - 00000000 ___HD () C:\Users\liam8_000\.BackupManager
2014-08-25 02:15 - 2014-08-25 02:15 - 00000000 ___HD () C:\Users\Trisha\.BackupManager
2014-08-24 21:31 - 2014-08-24 21:31 - 00000000 ___HD () C:\Users\LIAM\.BackupManager
2014-08-24 21:31 - 2014-08-24 21:31 - 00000000 ___HD () C:\Users\Default\.BackupManager
2014-08-24 21:30 - 2014-08-24 21:30 - 00000000 ___HD () C:\Users\Administrator\.BackupManager
2014-08-24 21:21 - 2014-08-24 21:21 - 00000000 ___HD () C:\ProgramData\.BackupManager
2014-08-24 20:10 - 2014-08-24 20:10 - 00000000 ___HD () C:\Program Files\.BackupManager
2014-08-24 19:32 - 2014-08-24 19:32 - 00000000 ___HD () C:\Program Files (x86)\.BackupManager
2014-08-24 09:30 - 2014-08-24 09:31 - 00284824 _____ () C:\Windows\Minidump\082414-27062-01.dmp
2014-08-24 07:13 - 2014-08-24 07:13 - 00000000 ___HD () C:\Users\Trisha\AppData\.BackupManager
2014-08-24 07:13 - 2014-08-24 07:13 - 00000000 ___HD () C:\Users\Public\Desktop\.BackupManager
2014-08-24 07:12 - 2014-08-24 07:12 - 00000000 ___HD () C:\Users\Trisha\Documents\.BackupManager
2014-08-24 06:43 - 2014-08-24 06:43 - 00000000 __SHD () C:\.uuid
2014-08-23 16:27 - 2014-08-23 16:27 - 00000000 ____D () C:\Users\Trisha\AppData\Local\ClearfiMedia
2014-08-23 16:06 - 2014-08-23 16:06 - 00000000 ____D () C:\ProgramData\NTIRegEt
2014-08-23 14:05 - 2014-08-23 14:05 - 00284768 _____ () C:\Windows\Minidump\082314-24562-01.dmp
2014-08-23 13:49 - 2014-08-23 13:49 - 00000000 ____D () C:\Users\Trisha\IOption
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\WorldofTanks
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\sparta111
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Local\WorldofTanks
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Plarium
2014-08-23 13:45 - 2014-08-23 13:44 - 07090595 _____ (NTI (NewTech Infosystems, Inc.) ) C:\Users\Trisha\Downloads\Acer_NTI_BackUpNOW4024_for_CDDVDMaker7007101_Notebook_Update_MultiLingual [1].exe
2014-08-23 13:39 - 2014-08-23 13:39 - 00284824 _____ () C:\Windows\Minidump\082314-27375-01.dmp
2014-08-23 11:39 - 2014-08-23 11:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Trisha\Downloads\mbar-1.07.0.1012.exe
2014-08-23 11:38 - 2014-08-23 11:38 - 01364531 _____ () C:\Users\Trisha\Downloads\AdwCleaner.exe
2014-08-22 21:02 - 2014-05-15 10:32 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 21:02 - 2014-05-15 08:13 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 21:02 - 2014-05-15 08:13 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 21:02 - 2014-05-15 08:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-22 21:02 - 2014-05-15 08:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-21 20:52 - 2014-08-21 20:58 - 00046533 _____ () C:\Users\Trisha\Downloads\Addition.txt
2014-08-21 20:51 - 2014-08-28 20:57 - 00021156 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-08-21 20:51 - 2014-08-28 20:57 - 00000000 ____D () C:\FRST
2014-08-21 20:50 - 2014-08-28 20:56 - 02103296 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-08-19 21:34 - 2014-08-19 21:35 - 00284824 _____ () C:\Windows\Minidump\081914-32890-01.dmp
2014-08-19 21:10 - 2014-08-19 21:10 - 00284824 _____ () C:\Windows\Minidump\081914-84562-01.dmp
2014-08-19 21:08 - 2014-08-25 06:49 - 00000000 __SHD () C:\found.000
2014-08-19 20:42 - 2014-08-19 20:42 - 00602112 _____ (OldTimer Tools) C:\Users\Trisha\Downloads\OTL.exe
2014-08-19 20:39 - 2014-08-19 20:39 - 00854417 _____ () C:\Users\Trisha\Downloads\SecurityCheck.exe
2014-08-19 20:31 - 2014-08-19 20:35 - 00000000 ____D () C:\Users\Trisha\Downloads\backups
2014-08-19 20:11 - 2014-08-19 20:11 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-17 19:59 - 2014-08-17 19:59 - 00003232 _____ () C:\Windows\System32\Tasks\{6689DAB4-D578-45C9-9F41-00402780A055}
2014-08-17 16:31 - 2014-08-17 16:31 - 00017179 _____ () C:\Users\Trisha\Documents\hijackthis.log
2014-08-17 16:26 - 2014-08-19 20:22 - 00016438 _____ () C:\Users\Trisha\Downloads\hijackthis.log
2014-08-17 16:24 - 2014-08-17 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Trisha\Downloads\HijackThis.exe
2014-08-17 16:07 - 2014-08-17 16:07 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-08-17 16:05 - 2014-08-17 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 14:21 - 2014-08-07 16:03 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 14:21 - 2014-08-07 12:39 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 14:11 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 14:10 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 14:10 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 14:10 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 14:09 - 2014-08-17 14:10 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 14:02 - 2014-08-17 14:05 - 00000000 ____D () C:\Users\Trisha\AppData\Local\LogMeInIgnition
2014-08-17 14:00 - 2014-08-02 09:45 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-17 14:00 - 2014-08-02 09:45 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 13:29 - 2014-07-16 08:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 13:26 - 2014-06-11 08:14 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 13:26 - 2014-06-11 08:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 13:08 - 2014-08-17 13:08 - 00003308 _____ () C:\Windows\System32\Tasks\4800
2014-08-17 13:08 - 2014-08-17 13:08 - 00003210 _____ () C:\Windows\System32\Tasks\0
2014-08-16 19:25 - 2014-07-24 21:39 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 19:25 - 2014-06-13 11:27 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 19:25 - 2014-06-13 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 19:24 - 2014-07-24 21:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 19:24 - 2014-07-24 21:40 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 19:24 - 2014-07-24 21:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 19:24 - 2014-07-24 21:39 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 19:24 - 2014-07-24 21:39 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 19:24 - 2014-07-24 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 19:24 - 2014-07-24 20:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 19:24 - 2014-07-24 20:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 19:24 - 2014-07-24 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 19:24 - 2014-07-24 19:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 19:24 - 2014-07-24 17:33 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-16 19:24 - 2014-06-20 09:05 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 19:24 - 2014-06-20 07:54 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 19:24 - 2014-06-06 03:00 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-16 19:23 - 2014-06-06 03:26 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 19:23 - 2014-06-06 02:59 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 19:23 - 2014-06-06 02:59 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 19:23 - 2014-06-06 02:58 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 19:23 - 2014-06-06 02:58 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-16 19:23 - 2014-06-05 22:42 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-16 19:23 - 2014-06-05 22:41 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 19:23 - 2014-06-05 22:41 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 19:23 - 2014-06-05 22:40 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 19:23 - 2014-06-05 22:40 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-16 19:23 - 2014-05-29 13:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-16 19:23 - 2014-05-08 11:04 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-09 00:02 - 2014-08-09 00:02 - 00149375 _____ () C:\Users\LIAM\Downloads\download (3).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download.htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (4).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (2).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (1).htm
2014-08-09 00:01 - 2014-08-09 00:01 - 00002325 _____ () C:\Users\LIAM\Desktop\Google Chrome (2).lnk
2014-08-07 20:47 - 2014-08-07 20:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-08-07 19:51 - 2014-08-07 19:52 - 00284712 _____ () C:\Windows\Minidump\080714-79828-01.dmp
2014-08-07 17:57 - 2014-08-07 17:57 - 04952969 _____ () C:\Users\LIAM\Downloads\world22.zip
2014-08-07 17:55 - 2014-08-07 17:55 - 18841588 _____ () C:\Users\LIAM\Downloads\FunLand 3.1.rar
2014-08-07 17:24 - 2014-08-07 17:24 - 00000000 ___HT () C:\Users\LIAM\Downloads\world2.zip~RFb7897d2.TMP
2014-08-07 17:22 - 2014-08-07 17:26 - 00000782 _____ () C:\Users\LIAM\Downloads\world2.zip
2014-08-07 17:22 - 2014-08-07 17:24 - 14372574 _____ () C:\Users\LIAM\Downloads\78a07148
2014-08-07 17:22 - 2014-08-07 17:22 - 00000000 ____D () C:\Users\LIAM\Downloads\world2
2014-08-05 11:57 - 2014-08-05 11:57 - 00284768 _____ () C:\Windows\Minidump\080514-38203-01.dmp
2014-08-05 11:24 - 2014-08-05 11:25 - 00284768 _____ () C:\Windows\Minidump\080514-76765-01.dmp
2014-08-05 10:34 - 2014-08-05 10:34 - 00284768 _____ () C:\Windows\Minidump\080514-47468-01.dmp
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\IsolatedStorage
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\fastcleanpro
2014-07-29 19:33 - 2014-08-19 21:10 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 20:57 - 2014-08-21 20:51 - 00021156 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-08-28 20:57 - 2014-08-21 20:51 - 00000000 ____D () C:\FRST
2014-08-28 20:56 - 2014-08-28 20:56 - 00000000 ____D () C:\Users\Trisha\Downloads\FRST-OlderVersion
2014-08-28 20:56 - 2014-08-21 20:50 - 02103296 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-08-28 20:56 - 2013-09-23 21:20 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Skype
2014-08-28 20:54 - 2014-08-28 20:54 - 00001766 _____ () C:\Users\Trisha\Desktop\JRT.txt
2014-08-28 20:47 - 2014-08-28 20:47 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 20:46 - 2014-08-28 20:45 - 01016261 _____ (Thisisu) C:\Users\Trisha\Downloads\JRT.exe
2014-08-28 20:34 - 2014-04-10 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 20:32 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\system32\sru
2014-08-28 20:27 - 2013-09-08 14:22 - 00000950 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job
2014-08-28 20:14 - 2013-03-28 08:32 - 01315273 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 20:12 - 2013-12-24 14:25 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007UA.job
2014-08-28 20:08 - 2013-09-08 18:47 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 20:02 - 2014-08-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-28 19:51 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-28 19:47 - 2012-07-26 17:29 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-28 07:45 - 2014-04-22 16:52 - 00000400 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-08-28 07:45 - 2014-04-22 16:52 - 00000400 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-08-28 07:45 - 2014-02-05 18:53 - 00000408 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-08-28 07:45 - 2014-02-05 18:53 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-08-28 07:45 - 2013-09-08 18:47 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 07:45 - 2013-04-22 23:09 - 00000404 _____ () C:\Windows\Tasks\SmartPCFix Task.job
2014-08-28 07:43 - 2014-04-06 23:47 - 00000968 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-08-28 07:43 - 2014-04-06 23:47 - 00000952 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-28 07:43 - 2012-08-04 16:41 - 00180516 _____ () C:\Windows\PFRO.log
2014-08-28 07:43 - 2012-07-26 16:52 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 07:41 - 2014-04-06 23:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-28 07:38 - 2014-08-27 21:34 - 00000000 ____D () C:\AdwCleaner
2014-08-28 07:37 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\LIAM
2014-08-28 07:37 - 2013-03-28 08:30 - 00000000 ____D () C:\Users\Trisha
2014-08-28 07:28 - 2014-08-27 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 07:28 - 2014-08-27 20:43 - 00000000 ____D () C:\Users\Trisha\Desktop\mbar
2014-08-27 21:53 - 2012-11-03 14:28 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Packages
2014-08-27 21:08 - 2013-07-04 11:18 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\HpUpdate
2014-08-27 20:47 - 2014-08-27 20:47 - 00000327 _____ () C:\Users\Trisha\Desktop\HP Printer Diagnostic Tools.url
2014-08-27 20:44 - 2014-08-27 20:44 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 20:44 - 2014-08-27 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 20:43 - 2014-08-27 20:43 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 14:27 - 2013-09-08 14:22 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core.job
2014-08-27 12:12 - 2014-02-24 15:02 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222191783-1610888516-101916340-1007Core1cf3121c4971cb2.job
2014-08-27 08:49 - 2012-07-26 14:56 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-26 02:41 - 2014-08-26 02:41 - 00000000 ____D () C:\Program Files\revision
2014-08-25 21:25 - 2014-08-25 20:00 - 00000000 ____D () C:\Program Files (x86)\revision
2014-08-25 21:24 - 2013-08-25 12:29 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-08-25 20:45 - 2013-10-07 20:03 - 00000000 ____D () C:\Program Files (x86)\Desktop Screen Record 5
2014-08-25 20:45 - 2012-08-04 16:51 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
2014-08-25 20:43 - 2012-08-04 16:51 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-08-25 20:38 - 2013-10-07 11:02 - 00000000 ____D () C:\Program Files (x86)\etax2013
2014-08-25 20:31 - 2014-03-13 17:17 - 00000000 ____D () C:\Program Files (x86)\iFree Skype Recorder
2014-08-25 20:31 - 2013-07-04 11:19 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-08-25 20:31 - 2013-07-04 11:14 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-25 20:23 - 2012-09-03 21:24 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-08-25 20:22 - 2014-04-06 23:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-08-25 20:08 - 2013-05-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-25 20:03 - 2014-05-13 22:15 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.0.0
2014-08-25 20:03 - 2012-09-03 21:23 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-08-25 20:02 - 2013-09-23 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-25 20:02 - 2013-04-21 11:01 - 00000000 ____D () C:\Program Files (x86)\VIO Player
2014-08-25 20:02 - 2012-09-03 21:29 - 00000000 ____D () C:\Program Files (x86)\Spotify
2014-08-25 20:01 - 2013-04-29 18:27 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-08-25 19:44 - 2012-08-04 17:39 - 00000000 ___HD () C:\OEM
2014-08-25 19:43 - 2014-08-25 19:43 - 00000000 ____D () C:\Users\Trisha\Documents\revision
2014-08-25 19:43 - 2013-07-04 11:46 - 00000000 ____D () C:\Users\Trisha\Documents\My Scans
2014-08-25 19:43 - 2013-03-28 08:03 - 00000000 ___HD () C:\$SysReset
2014-08-25 19:43 - 2012-12-05 18:27 - 00000000 ____D () C:\Users\Trisha\Documents\OneNote Notebooks
2014-08-25 19:43 - 2012-11-03 14:41 - 00000000 __RHD () C:\MSOCache
2014-08-25 19:43 - 2012-08-04 16:44 - 00000000 ___HD () C:\Intel
2014-08-25 07:02 - 2014-03-08 21:11 - 00000000 ____D () C:\temp
2014-08-25 07:02 - 2013-02-11 18:05 - 00000000 ____D () C:\tmp
2014-08-25 06:59 - 2013-07-30 17:33 - 00000000 ____D () C:\liams vids
2014-08-25 06:49 - 2014-08-19 21:08 - 00000000 __SHD () C:\found.000
2014-08-25 02:44 - 2014-08-25 02:44 - 00000000 ___HD () C:\Windows\.BackupManager
2014-08-25 02:42 - 2014-08-25 02:42 - 00000000 ___HD () C:\Users\liam8_000\.BackupManager
2014-08-25 02:42 - 2013-03-28 08:30 - 00000000 ____D () C:\Users\liam8_000
2014-08-25 02:15 - 2014-08-25 02:15 - 00000000 ___HD () C:\Users\Trisha\.BackupManager
2014-08-24 21:31 - 2014-08-24 21:31 - 00000000 ___HD () C:\Users\LIAM\.BackupManager
2014-08-24 21:31 - 2014-08-24 21:31 - 00000000 ___HD () C:\Users\Default\.BackupManager
2014-08-24 21:31 - 2012-07-26 15:07 - 00000000 __RHD () C:\Users\Default
2014-08-24 21:30 - 2014-08-24 21:30 - 00000000 ___HD () C:\Users\Administrator\.BackupManager
2014-08-24 21:30 - 2012-08-04 16:42 - 00000000 ____D () C:\Users\Administrator
2014-08-24 21:21 - 2014-08-24 21:21 - 00000000 ___HD () C:\ProgramData\.BackupManager
2014-08-24 20:10 - 2014-08-24 20:10 - 00000000 ___HD () C:\Program Files\.BackupManager
2014-08-24 19:32 - 2014-08-24 19:32 - 00000000 ___HD () C:\Program Files (x86)\.BackupManager
2014-08-24 19:16 - 2013-06-02 15:21 - 00000000 ____D () C:\Firefox
2014-08-24 18:39 - 2013-03-28 08:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-222191783-1610888516-101916340-1001
2014-08-24 09:31 - 2014-08-24 09:30 - 00284824 _____ () C:\Windows\Minidump\082414-27062-01.dmp
2014-08-24 09:30 - 2014-04-14 20:28 - 00000000 ____D () C:\Windows\Minidump
2014-08-24 09:30 - 2014-04-14 20:27 - 389821796 _____ () C:\Windows\MEMORY.DMP
2014-08-24 07:13 - 2014-08-24 07:13 - 00000000 ___HD () C:\Users\Trisha\AppData\.BackupManager
2014-08-24 07:13 - 2014-08-24 07:13 - 00000000 ___HD () C:\Users\Public\Desktop\.BackupManager
2014-08-24 07:12 - 2014-08-24 07:12 - 00000000 ___HD () C:\Users\Trisha\Documents\.BackupManager
2014-08-24 06:44 - 2014-07-28 17:42 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Sparta
2014-08-24 06:43 - 2014-08-24 06:43 - 00000000 __SHD () C:\.uuid
2014-08-24 06:43 - 2012-08-04 16:49 - 00000000 ____D () C:\ProgramData\BackupManager
2014-08-24 06:42 - 2012-08-04 16:51 - 00000000 ____D () C:\ProgramData\Temp
2014-08-24 06:40 - 2012-07-26 14:56 - 00000261 _____ () C:\Windows\win.ini
2014-08-23 16:27 - 2014-08-23 16:27 - 00000000 ____D () C:\Users\Trisha\AppData\Local\ClearfiMedia
2014-08-23 16:21 - 2013-04-11 18:57 - 00000000 ____D () C:\Users\Trisha\AppData\Local\clear.fi
2014-08-23 16:18 - 2012-09-03 21:40 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2014-08-23 16:16 - 2013-04-07 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Maker 8
2014-08-23 16:07 - 2012-09-03 21:41 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdateV9.dll
2014-08-23 16:06 - 2014-08-23 16:06 - 00000000 ____D () C:\ProgramData\NTIRegEt
2014-08-23 16:06 - 2013-04-20 18:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\CrashDumps
2014-08-23 16:06 - 2012-09-03 21:41 - 00000000 ____D () C:\ProgramData\NTI Launcher
2014-08-23 16:06 - 2012-09-03 21:40 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9REGET.dll
2014-08-23 14:05 - 2014-08-23 14:05 - 00284768 _____ () C:\Windows\Minidump\082314-24562-01.dmp
2014-08-23 13:49 - 2014-08-23 13:49 - 00000000 ____D () C:\Users\Trisha\IOption
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\WorldofTanks
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\sparta111
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Local\WorldofTanks
2014-08-23 13:47 - 2014-08-23 13:47 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Plarium
2014-08-23 13:44 - 2014-08-23 13:45 - 07090595 _____ (NTI (NewTech Infosystems, Inc.) ) C:\Users\Trisha\Downloads\Acer_NTI_BackUpNOW4024_for_CDDVDMaker7007101_Notebook_Update_MultiLingual [1].exe
2014-08-23 13:43 - 2013-05-01 20:15 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Deployment
2014-08-23 13:43 - 2013-05-01 20:15 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Apps\2.0
2014-08-23 13:39 - 2014-08-23 13:39 - 00284824 _____ () C:\Windows\Minidump\082314-27375-01.dmp
2014-08-23 12:20 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\rescache
2014-08-23 11:51 - 2012-07-26 16:58 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 11:50 - 2012-07-26 16:51 - 00043960 _____ () C:\Windows\setupact.log
2014-08-23 11:39 - 2014-08-23 11:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Trisha\Downloads\mbar-1.07.0.1012.exe
2014-08-23 11:38 - 2014-08-23 11:38 - 01364531 _____ () C:\Users\Trisha\Downloads\AdwCleaner.exe
2014-08-21 20:58 - 2014-08-21 20:52 - 00046533 _____ () C:\Users\Trisha\Downloads\Addition.txt
2014-08-19 21:40 - 2014-05-03 11:24 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\BitTorrent
2014-08-19 21:35 - 2014-08-19 21:34 - 00284824 _____ () C:\Windows\Minidump\081914-32890-01.dmp
2014-08-19 21:25 - 2014-05-03 11:24 - 00000838 _____ () C:\Users\Trisha\Desktop\BitTorrent.lnk
2014-08-19 21:25 - 2014-05-03 11:24 - 00000818 _____ () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-08-19 21:24 - 2014-05-03 11:23 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\BitTorrent
2014-08-19 21:10 - 2014-08-19 21:10 - 00284824 _____ () C:\Windows\Minidump\081914-84562-01.dmp
2014-08-19 21:10 - 2014-07-29 19:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 21:10 - 2012-08-04 16:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-19 21:09 - 2012-09-03 21:42 - 00000000 ____D () C:\ProgramData\Norton
2014-08-19 20:42 - 2014-08-19 20:42 - 00602112 _____ (OldTimer Tools) C:\Users\Trisha\Downloads\OTL.exe
2014-08-19 20:39 - 2014-08-19 20:39 - 00854417 _____ () C:\Users\Trisha\Downloads\SecurityCheck.exe
2014-08-19 20:35 - 2014-08-19 20:31 - 00000000 ____D () C:\Users\Trisha\Downloads\backups
2014-08-19 20:22 - 2014-08-17 16:26 - 00016438 _____ () C:\Users\Trisha\Downloads\hijackthis.log
2014-08-19 20:21 - 2013-08-19 22:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 20:21 - 2013-04-03 20:30 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-19 20:11 - 2014-08-19 20:11 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-19 20:11 - 2013-07-04 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-17 20:56 - 2012-07-26 14:56 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-08-17 20:52 - 2013-08-21 17:39 - 00000000 ____D () C:\YOUTUBE
2014-08-17 20:22 - 2012-08-04 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-08-17 20:22 - 2012-08-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-08-17 20:02 - 2013-06-20 20:23 - 00000000 ____D () C:\Program Files\FFsplit
2014-08-17 20:01 - 2013-09-06 17:12 - 00000000 ____D () C:\Users\LIAM\AppData\Local\Ubisoft Game Launcher
2014-08-17 20:01 - 2012-08-04 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-17 19:59 - 2014-08-17 19:59 - 00003232 _____ () C:\Windows\System32\Tasks\{6689DAB4-D578-45C9-9F41-00402780A055}
2014-08-17 16:31 - 2014-08-17 16:31 - 00017179 _____ () C:\Users\Trisha\Documents\hijackthis.log
2014-08-17 16:24 - 2014-08-17 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Trisha\Downloads\HijackThis.exe
2014-08-17 16:14 - 2012-08-04 16:49 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-08-17 16:07 - 2014-08-17 16:07 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-08-17 16:05 - 2014-08-17 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 14:56 - 2013-04-22 23:19 - 00000258 __RSH () C:\Users\Trisha\ntuser.pol
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 14:10 - 2014-08-17 14:09 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 14:10 - 2013-06-02 15:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 14:05 - 2014-08-17 14:02 - 00000000 ____D () C:\Users\Trisha\AppData\Local\LogMeInIgnition
2014-08-17 13:58 - 2014-06-25 21:17 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-17 13:58 - 2014-06-19 09:33 - 00000000 ____D () C:\ProgramData\RoyalShoppeerAPp
2014-08-17 13:46 - 2012-07-26 17:42 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 13:43 - 2013-05-01 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 13:08 - 2014-08-17 13:08 - 00003308 _____ () C:\Windows\System32\Tasks\4800
2014-08-17 13:08 - 2014-08-17 13:08 - 00003210 _____ () C:\Windows\System32\Tasks\0
2014-08-17 07:06 - 2013-04-29 18:26 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Nico Mak Computing
2014-08-16 19:59 - 2013-09-23 19:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-16 19:07 - 2014-04-13 18:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-16 18:59 - 2013-07-31 19:35 - 00000000 ____D () C:\Users\LIAM\AppData\Local\CrashDumps
2014-08-16 18:03 - 2014-04-02 16:04 - 00000000 ____D () C:\ProgramData\bd5a9d45a4cbc814
2014-08-16 17:56 - 2014-07-28 15:57 - 00000000 ____D () C:\Users\Trisha\Documents\ezvid
2014-08-16 17:49 - 2014-03-08 21:12 - 311902043 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-08-12 20:53 - 2013-08-06 20:18 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\.minecraft
2014-08-12 19:40 - 2014-04-21 17:10 - 00001350 _____ () C:\Users\LIAM\Desktop\Clean Registry for Free!.lnk
2014-08-09 14:52 - 2013-09-23 19:44 - 00000000 ____D () C:\Users\LIAM\AppData\Roaming\Skype
2014-08-09 00:06 - 2013-08-08 20:28 - 00000467 _____ () C:\Users\LIAM\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-08-09 00:02 - 2014-08-09 00:02 - 00149375 _____ () C:\Users\LIAM\Downloads\download (3).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download.htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (4).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (2).htm
2014-08-09 00:02 - 2014-08-09 00:02 - 00149357 _____ () C:\Users\LIAM\Downloads\download (1).htm
2014-08-09 00:01 - 2014-08-09 00:01 - 00002325 _____ () C:\Users\LIAM\Desktop\Google Chrome (2).lnk
2014-08-07 20:50 - 2013-07-31 18:47 - 00000258 __RSH () C:\Users\LIAM\ntuser.pol
2014-08-07 20:50 - 2013-06-02 15:11 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\.minecraft
2014-08-07 20:47 - 2014-08-07 20:47 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-08-07 19:52 - 2014-08-07 19:51 - 00284712 _____ () C:\Windows\Minidump\080714-79828-01.dmp
2014-08-07 17:57 - 2014-08-07 17:57 - 04952969 _____ () C:\Users\LIAM\Downloads\world22.zip
2014-08-07 17:55 - 2014-08-07 17:55 - 18841588 _____ () C:\Users\LIAM\Downloads\FunLand 3.1.rar
2014-08-07 17:26 - 2014-08-07 17:22 - 00000782 _____ () C:\Users\LIAM\Downloads\world2.zip
2014-08-07 17:24 - 2014-08-07 17:24 - 00000000 ___HT () C:\Users\LIAM\Downloads\world2.zip~RFb7897d2.TMP
2014-08-07 17:24 - 2014-08-07 17:22 - 14372574 _____ () C:\Users\LIAM\Downloads\78a07148
2014-08-07 17:24 - 2013-08-06 20:20 - 00000000 ____D () C:\Users\LIAM\Desktop\saves
2014-08-07 17:22 - 2014-08-07 17:22 - 00000000 ____D () C:\Users\LIAM\Downloads\world2
2014-08-07 16:03 - 2014-08-17 14:21 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 12:39 - 2014-08-17 14:21 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:57 - 2014-08-05 11:57 - 00284768 _____ () C:\Windows\Minidump\080514-38203-01.dmp
2014-08-05 11:28 - 2013-05-01 19:22 - 00000470 _____ () C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-08-05 11:25 - 2014-08-05 11:24 - 00284768 _____ () C:\Windows\Minidump\080514-76765-01.dmp
2014-08-05 10:34 - 2014-08-05 10:34 - 00284768 _____ () C:\Windows\Minidump\080514-47468-01.dmp
2014-08-02 09:45 - 2014-08-17 14:00 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 09:45 - 2014-08-17 14:00 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 20:17 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-29 19:52 - 2014-07-28 15:59 - 00006656 _____ () C:\Users\LIAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\IsolatedStorage
2014-07-29 19:51 - 2014-07-29 19:51 - 00000000 ____D () C:\Users\LIAM\AppData\Local\fastcleanpro
2014-07-29 19:33 - 2012-07-26 17:42 - 00000000 ____D () C:\Windows\WinStore
2014-07-29 19:31 - 2013-05-14 15:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\LIAM\AppData\Local\Temp\1_flashplayer.exe
C:\Users\LIAM\AppData\Local\Temp\burnsetup.exe
C:\Users\LIAM\AppData\Local\Temp\COMAP.EXE
C:\Users\LIAM\AppData\Local\Temp\ffmpeg15.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_goldeneye-007.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-yellow.exe
C:\Users\LIAM\AppData\Local\Temp\prismsetup.exe
C:\Users\LIAM\AppData\Local\Temp\SPSetup.exe
C:\Users\LIAM\AppData\Local\Temp\ubi82CA.tmp.exe
C:\Users\LIAM\AppData\Local\Temp\vpsetup.exe
C:\Users\LIAM\AppData\Local\Temp\zipsetup.exe
C:\Users\Trisha\AppData\Local\Temp\CloudBackup7503.exe
C:\Users\Trisha\AppData\Local\Temp\nsg11B6.exe
C:\Users\Trisha\AppData\Local\Temp\nst434D.exe
C:\Users\Trisha\AppData\Local\Temp\nst827B.exe
C:\Users\Trisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Trisha\AppData\Local\Temp\uttE627.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-25 04:56

==================== End Of Log ============================



#15 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:04 PM

Posted 28 August 2014 - 06:56 AM

Hello realarce,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBC90FA65-EA85-4688-B0F0-3547BB029065&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
C:\Users\LIAM\AppData\Local\Temp\1_flashplayer.exe
C:\Users\LIAM\AppData\Local\Temp\burnsetup.exe
C:\Users\LIAM\AppData\Local\Temp\COMAP.EXE
C:\Users\LIAM\AppData\Local\Temp\ffmpeg15.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_goldeneye-007.exe
C:\Users\LIAM\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-yellow.exe
C:\Users\LIAM\AppData\Local\Temp\prismsetup.exe
C:\Users\LIAM\AppData\Local\Temp\SPSetup.exe
C:\Users\LIAM\AppData\Local\Temp\ubi82CA.tmp.exe
C:\Users\LIAM\AppData\Local\Temp\vpsetup.exe
C:\Users\LIAM\AppData\Local\Temp\zipsetup.exe
C:\Users\Trisha\AppData\Local\Temp\CloudBackup7503.exe
C:\Users\Trisha\AppData\Local\Temp\nsg11B6.exe
C:\Users\Trisha\AppData\Local\Temp\nst434D.exe
C:\Users\Trisha\AppData\Local\Temp\nst827B.exe
C:\Users\Trisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Trisha\AppData\Local\Temp\uttE627.tmp.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
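
A pre-flight check for the fixlist step in the post above, added here as an example; it is not part of Jo's post and not FRST's own code. It confirms that every file path in a fixlist.txt also appears under "Some content of TEMP" in the scan log from the same machine, which is the situation the NOTICE warns about. The parsing assumes only the start/end layout and section headers visible in this thread; the sample log, the sample fixlist and all function names are constructed for illustration.

```python
import re

# Constructed scan-log excerpt in the layout shown in this thread.
SCAN_LOG = r"""Some content of TEMP:
====================
C:\Users\LIAM\AppData\Local\Temp\burnsetup.exe
C:\Users\Trisha\AppData\Local\Temp\nsg11B6.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
"""

# Constructed fixlist; the C:\Users\Other path is deliberately absent from the log.
FIXLIST = r"""start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\LIAM\AppData\Local\Temp\burnsetup.exe
C:\Users\Trisha\AppData\Local\Temp\NSG11B6.exe
C:\Users\Other\AppData\Local\Temp\setup.exe
end
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # line begins with a drive letter

def temp_section_paths(log_text):
    """Return the lower-cased paths listed under 'Some content of TEMP:'."""
    paths, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Some content of TEMP"):
            in_section = True
        elif in_section and line.startswith("====") and line.strip("="):
            break  # a titled header starts the next section
        elif in_section and PATH_RE.match(line):
            paths.add(line.lower())  # Windows paths are case-insensitive
    return paths

def fixlist_entries(fix_text):
    """Split the lines between 'start' and 'end' into file paths and other lines."""
    files, other, inside = [], [], False
    for line in fix_text.splitlines():
        line = line.strip()
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            break
        elif inside and line:
            (files if PATH_RE.match(line) else other).append(line)
    return files, other

def unmatched_paths(log_text, fix_text):
    """Return fixlist file paths that the scan log's TEMP section never listed."""
    seen = temp_section_paths(log_text)
    files, _ = fixlist_entries(fix_text)
    return [p for p in files if p.lower() not in seen]
```

An empty result from `unmatched_paths` means every file entry in the fixlist was reported by the scan it is paired with; registry and policy lines are returned separately by `fixlist_entries` and are not checked here.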




