I may have the Cryptowall 2.0 on my computer. Please advise.


  • This topic is locked
33 replies to this topic

#1 trashywoman

trashywoman

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Female
  • Location:Central Illinois
  • Local time:01:10 PM

Posted 10 November 2014 - 10:56 PM

Hope I am doing this right. First time I have had to reach out to you guys directly.

I have a HP Pavilion Desktop

Windows 7 Home Premium Service pack 1

Processor:  Intel Core i5-3330 CPU @3.00GHz

RAM:  6.00GB (5.89 GB usable)

64 bit Operating system

I have more than 3/4 of my memory free

I regularly run Malwarebytes, CCleaner, Spybot, and Super Anti-spyware. I have the paid subscription of AVG

I normally update my computer on a regular basis but this past couple of weeks I had not been on here so updates to Windows had not been done until after I found this problem.

 

Nov 7 Emails would not come thru to my iPad so came to desktop. Had trouble getting live mail to open, then internet was acting funny. Looked at Task Manager and found 5-7 instances of a *.dll running and description said COM surrogate. That was something I had not seen. Found info online that it might be conduit malware/spyware so ran SAS and it said I had POWELIK and was removed. Still the COM surrogates continued to bog down computer. Then maybe saw something about Crypt stuff and searched my files and came up with Decrypt Instructions in almost every folder and dated Nov 6, 2014. They also had a TOR.exe file also. After reading about what TOR does, I went thru and manually deleted them. Then I got to thinking I might make it start up so I have not done anything else except reset IE security to defaults because I was getting error message when downloading updates. If I reset them and stopped the COM surrogate processes in Task Manager I could get some stuff downloaded before having to do it again. I just searched again for this post and have 92 files that say Decrypt Instructions and they are either *.txt or *.html. It has not posted itself onto my desktop and there is no date about when I should pay or how much. I have not clicked on the link in the file. The COM surrogate has stopped after running Spybot and SAS several times. CCleaner stops at 26% while analyzing temporary internet files.

 

So can I get some help cleaning up this mess, please. This is so uncomfortable...

Thank you.


Edited by trashywoman, 10 November 2014 - 11:46 PM.



#2 wishmakingfairy

wishmakingfairy

  • Members
  • 212 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:10 PM

Posted 10 November 2014 - 11:21 PM

If you have any network mapped drives or external hard drives plugged into your computer, I'd disconnect them immediately. I'll have to let the others help you more in depth, I'm still pretty new to this infection as I've only had two computers with it.


Edited by wishmakingfairy, 10 November 2014 - 11:23 PM.

Using ubuntu and sharing how to as well as collecting how to scripts for common programs. Feel free to ask or share ^-^


#3 trashywoman

trashywoman
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Female
  • Location:Central Illinois
  • Local time:01:10 PM

Posted 10 November 2014 - 11:46 PM

I have Carbonite for backup and froze it but it was after I found these things. I will contact them before I start it up again. I am calling them tomorrow because I had a tech check some setting on my computer right about the same time as this happened. Don't know if that was the reason I was having trouble with the backup or not. The whole network thing doesn't work for me (can never figure out how to set it up so both computers can see what's on the other) but I do have another computer which thankfully has been turned off this whole time.



#4 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:10 PM

Posted 12 November 2014 - 09:32 PM

Hello trashywoman, very nice to meet you, and we are glad you reached out for help.

Until a more qualified expert is able to arrive to take a closer look, I wanted to at least provide you with some additional information and reading on this particular infection.

Thank you,

~Stolen

A repository of all current knowledge regarding CryptoWall & CryptoWall 2.0 is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall & CryptoWall 2.0 does and provide information for how to deal with it and possibly decrypt/recover your files. At this time there is no fix tool for CryptoWall.

CryptoWall 2.0 uses its own TOR gateways...see Updated CryptoWall 2.0 ransomware released that makes it harder to recover files.

There is also a lengthy ongoing discussion in this topic: CryptoWall - new variant of CryptoDefense.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff

#5 trashywoman

trashywoman
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Female
  • Location:Central Illinois
  • Local time:01:10 PM

Posted 12 November 2014 - 10:53 PM

Thank you, Stolen for the reply.
I have read the topics mentioned including most of the topic: CryptoWall - new variant of CryptoDefense.

Should I re-post this topic over there? I have run most of the suggested fixes. Seems at this point I only have a few emails I can't open. Just want to know if my machine is clean now.

You guys & gals are an amazing group.

#6 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:07:10 PM

Posted 13 November 2014 - 03:20 AM

Hello :welcome:

Sorry for the delay in getting back to you, but we've got hands really full of work here! However I have got both time & desire to help you, so I'm gonna ask some moderator to move your thread to the MRL forum - I will ask you for some logs in order to review them.

Cheers,
Naat :)

Radek Naathim Pawelczyk

Malware Removal Specialist

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,272 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:10 PM

Posted 13 November 2014 - 05:57 AM

Moved to the appropriate forum as requested by Naathim.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:07:10 PM

Posted 13 November 2014 - 06:16 AM

Hello again :)


Now that we are in the Malware Removal section, I will deploy some tools which will give me a general overview of your system's state. Please do the following and post back logs when ready :)



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool collects the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.

Please include that in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist
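
The FRST.txt requested above is long, and a first pass usually goes to the entries the tool has itself marked. The following is an added example, not part of the original post and not FRST's own code: it walks the log section by section and collects lines carrying the `[X]`, `No File` and `[File not signed]` markers that appear in the log posted in this thread. The function names and the reading of each marker (missing target, missing file, unsigned binary) are assumptions made for the example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt for the example: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
==================== Internet (Whitelisted) ====================
FF Plugin: @microsoft.com/GENUINE -> disabled No File
==================== Services (Whitelisted) =================
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
"""

# Section banners look like "==================== Name (Whitelisted) ====".
# Requiring a space and 5+ '=' on each side keeps the "========" underlines
# beneath "FireFox:" / "Chrome:" from being read as section banners.
SECTION_RE = re.compile(r"^={5,} (.+?) ={5,}$")

# Markers seen in the log. The tag names and their interpretation are
# assumptions for this example, not definitions taken from FRST.
MARKERS = (
    (re.compile(r"\[X\]\s*$"), "target-missing"),
    (re.compile(r"\bNo File\s*$"), "no-file"),
    (re.compile(r"\[File not signed\]\s*$"), "unsigned"),
)


class Finding(NamedTuple):
    section: str  # log section the line was found in
    tag: str      # which marker matched
    line: str     # the log line, unmodified apart from surrounding whitespace


def triage(log_text):
    """Return every marked line together with the section it belongs to."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        for pattern, tag in MARKERS:
            if pattern.search(line):
                findings.append(Finding(section, tag, line))
                break  # one tag per line is enough for a first pass
    return findings


def summarize(findings):
    """Count findings per (section, tag) so the noisiest areas stand out."""
    return Counter((f.section, f.tag) for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for (section, tag), count in sorted(summarize(results).items()):
        print(f"{section:10} {tag:15} {count}")
    for f in results:
        print(f"[{f.section}/{f.tag}] {f.line}")
```

A marked line is a prompt to look closer, not a verdict: in the excerpt the flagged entries belong to security tools and a printer service, which is why a helper reads them in context before building a fixlist.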

#9 trashywoman

trashywoman
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Female
  • Location:Central Illinois
  • Local time:01:10 PM

Posted 13 November 2014 - 07:38 AM

Hello Nathan

 

thanks for your help.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Transfer (administrator) on REGINA-HP on 13-11-2014 06:19:04
Running from C:\Users\Transfer\Desktop
Loaded Profile: Transfer (Available profiles: Regina & Transfer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware2\SUPERANTISPYWARE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter\SmartCenter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\TSUpdates\TSUpdatesCheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-09-29] (Carbonite, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware2\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\RunOnce: [Uninstall C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM - {79563D26-64E1-4463-B559-172EDDB200C6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {79563D26-64E1-4463-B559-172EDDB200C6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [412776 2013-11-25] (Data Perceptions / PowerProgrammer)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2014-01-13] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [106096 2013-05-21] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNVSP; C:\Windows\System32\DRIVERS\PSMNVSP.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 06:19 - 2014-11-13 06:19 - 00018560 _____ () C:\Users\Transfer\Desktop\FRST.txt
2014-11-13 06:15 - 2014-11-13 06:15 - 02116096 _____ (Farbar) C:\Users\Transfer\Desktop\FRST64.exe
2014-11-12 17:15 - 2014-11-12 17:15 - 00000000 __SHD () C:\Users\Transfer\AppData\Local\EmieBrowserModeList
2014-11-11 13:31 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-11 13:31 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-11 13:31 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-11 13:31 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-11 13:31 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-11 13:31 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-11 13:31 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-11 13:31 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-11 13:31 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-11 13:31 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-11 13:31 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-11 13:31 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-11 13:31 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-11 13:31 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-11 13:31 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-11 13:31 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-11 13:31 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-11 13:31 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-11 13:31 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-11 13:31 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-11 13:31 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-11 13:31 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-11 13:31 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-11 13:31 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-11 13:31 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-11 13:31 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 13:31 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-11 13:31 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-11 13:31 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-11 13:31 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-11 13:31 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-11 13:31 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-11 13:31 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-11 13:31 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-11 13:31 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-11 13:31 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-11 13:31 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 13:31 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-11 13:31 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-11 13:31 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-11 13:31 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-11 13:31 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-11 13:31 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-11 13:31 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-11 13:31 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-11 13:31 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-11 13:31 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-11 13:31 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-11 13:31 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-11 13:31 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-11 13:31 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-11 13:31 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-11 13:31 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-11 13:31 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-11 13:31 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-11 13:31 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-11 13:31 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 13:31 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 13:31 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 13:31 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 13:31 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 13:31 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 13:31 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 13:31 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 13:31 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 13:31 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 13:31 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 13:31 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 13:29 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 13:29 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 13:29 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 13:29 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 13:29 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 13:29 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 13:29 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 13:28 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 13:28 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 13:28 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 13:28 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 13:28 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 13:28 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 13:28 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 07:44 - 2014-11-11 07:44 - 02174848 _____ () C:\Users\Transfer\Downloads\instsf450.exe
2014-11-11 07:44 - 2014-11-11 07:44 - 00000969 _____ () C:\Users\Transfer\Desktop\SpeedFan.lnk
2014-11-11 07:44 - 2014-11-11 07:44 - 00000969 _____ () C:\Users\Regina\Desktop\SpeedFan.lnk
2014-11-11 07:44 - 2014-11-11 07:44 - 00000045 _____ () C:\windows\SysWOW64\initdebug.nfo
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 _____ () C:\Users\Transfer\Desktop\initdebug.nfo
2014-11-10 23:11 - 2014-11-10 23:11 - 00000000 ____D () C:\Users\Transfer\Documents\ProcAlyzer Dumps
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-09 21:07 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-11-09 21:07 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-11-09 11:29 - 2014-11-09 11:28 - 00450713 ____R () C:\windows\system32\Drivers\etc\hosts.20141109-112911.backup
2014-11-09 11:28 - 2009-06-10 15:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20141109-112846.backup
2014-11-09 09:39 - 2014-11-09 09:39 - 00024322 _____ () C:\Users\Transfer\Documents\cc_20141109_093919.reg
2014-11-09 09:28 - 2014-11-09 09:28 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-11-09 09:27 - 2014-11-09 11:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-09 09:27 - 2014-11-09 09:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-09 09:27 - 2014-11-09 09:27 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-09 09:27 - 2014-11-09 09:27 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-09 09:27 - 2014-11-09 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-09 09:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-11-09 09:21 - 2014-11-09 09:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Transfer\Downloads\spybot-2.4.exe
2014-11-09 09:21 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-11-09 09:21 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-11-09 09:15 - 2014-11-09 09:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Transfer\Downloads\SpyHunter-Installer.exe
2014-11-09 09:03 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-11-09 09:03 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-11-09 09:03 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-11-09 09:03 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-11-09 09:03 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-11-09 09:03 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-11-09 09:03 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-11-09 09:03 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-11-09 09:01 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-11-09 09:01 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-11-09 08:18 - 2014-11-09 08:18 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-11-09 08:18 - 2014-11-09 08:18 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-09 08:18 - 2014-11-09 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-09 08:18 - 2014-11-09 08:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 08:08 - 2014-11-13 06:19 - 00000000 ____D () C:\FRST
2014-11-09 07:57 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-09 07:56 - 2014-11-13 06:16 - 00000000 ____D () C:\Users\Transfer\Desktop\FIX MY COMPUTER
2014-11-09 07:56 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-11-09 07:56 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-11-09 07:56 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-11-09 07:56 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-11-09 07:56 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-11-09 07:56 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-11-09 07:56 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-11-09 07:56 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-11-09 07:56 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-11-09 07:56 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-11-09 07:56 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-11-09 07:56 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-11-09 07:56 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-11-09 07:56 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-11-09 07:56 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-09 07:56 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-09 07:56 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-11-09 07:56 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-09 07:56 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-09 07:55 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-11-09 07:55 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-11-09 07:55 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-09 07:55 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-11-09 07:55 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-11-09 07:55 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-11-09 07:55 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-11-09 07:55 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-11-09 07:54 - 2014-11-09 07:54 - 02145792 _____ () C:\Users\Transfer\Desktop\adwcleaner_4.100.exe
2014-11-09 07:53 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-09 07:53 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-09 07:53 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-11-09 07:53 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-11-09 07:50 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-11-09 07:50 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-11-08 23:02 - 2014-11-08 23:02 - 00000000 ____D () C:\windows\ERUNT
2014-11-08 21:31 - 2014-11-08 21:31 - 01706808 _____ (Thisisu) C:\Users\Transfer\Desktop\JRT.exe
2014-11-08 21:00 - 2014-11-08 21:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Transfer\Downloads\rkill.exe
2014-11-08 11:06 - 2014-11-08 11:06 - 01998336 _____ () C:\Users\Transfer\Downloads\adwcleaner_4.002.exe
2014-11-08 10:51 - 2014-11-08 10:51 - 11222744 _____ (SurfRight B.V.) C:\Users\Transfer\Downloads\HitmanPro_x64 (1).exe
2014-11-07 19:40 - 2014-11-07 19:40 - 00000000 _____ () C:\autoexec.bat
2014-11-07 19:22 - 2014-11-07 19:22 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Transfer\Downloads\tdsskiller (1).exe
2014-11-07 15:53 - 2014-11-07 16:01 - 29746732 _____ () C:\Users\Transfer\Downloads\msert.exe.yx570ie.partial
2014-11-07 15:26 - 2014-11-07 15:26 - 00000383 _____ () C:\windows\DirectX.log
2014-11-07 13:31 - 2014-11-07 13:31 - 00002234 _____ () C:\Users\Transfer\Documents\scan results 110714.csv
2014-11-06 21:08 - 2014-11-06 21:08 - 00008536 _____ () C:\Users\Regina\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-06 21:08 - 2014-11-06 21:08 - 00004208 _____ () C:\Users\Regina\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-06 21:06 - 2014-11-06 21:06 - 00008536 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-06 21:06 - 2014-11-06 21:06 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-06 20:52 - 2014-11-06 20:52 - 00008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-06 20:52 - 2014-11-06 20:52 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-06 20:52 - 2014-11-06 20:52 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-11-06 20:27 - 2014-11-06 20:29 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\FrameworkUpdate7
2014-11-06 20:26 - 2014-11-06 20:29 - 00000000 ___HD () C:\d731768
2014-11-06 20:26 - 2014-11-06 20:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-28 08:53 - 2014-10-28 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-10-28 08:48 - 2014-07-07 08:45 - 00010240 _____ () C:\Users\Transfer\AppData\Local\Z@S!-f5fb6e40-26a7-40f3-a3e4-54ef1da495b8.tmp
2014-10-28 08:48 - 2014-07-07 08:45 - 00009216 _____ () C:\Users\Transfer\AppData\Local\Z@!-662a0e4f-668f-4a47-b230-adf79c38953f.tmp
2014-10-28 08:01 - 2014-10-28 08:01 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-28 08:01 - 2014-10-28 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-28 08:01 - 2014-10-28 08:01 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-28 07:59 - 2014-10-28 07:59 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files\iTunes
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 09:12 - 2014-10-18 09:12 - 00000000 ____D () C:\Users\Transfer\Documents\New folder (2)
2014-10-14 19:05 - 2014-10-14 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-14 19:02 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 06:00 - 2013-05-03 16:23 - 01281536 ___SH () C:\Users\Transfer\Desktop\Thumbs.db
2014-11-13 05:52 - 2013-03-24 18:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 04:57 - 2014-01-13 11:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-13 04:46 - 2013-03-19 13:39 - 01361845 _____ () C:\windows\WindowsUpdate.log
2014-11-13 01:13 - 2014-06-05 07:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2
2014-11-13 00:52 - 2013-03-24 18:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 00:50 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 00:50 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 00:47 - 2013-03-24 18:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 00:47 - 2013-03-24 18:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 21:23 - 2009-12-19 17:45 - 00000000 ____D () C:\Users\Transfer\Documents\1 Recipes
2014-11-12 04:00 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-12 03:30 - 2009-07-13 23:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 03:23 - 2014-06-11 09:20 - 00001872 _____ () C:\windows\setupact.log
2014-11-12 03:23 - 2014-02-12 10:43 - 00348440 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 03:23 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-12 03:21 - 2014-04-23 03:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 03:06 - 2013-03-20 18:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:04 - 2013-08-14 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 03:02 - 2013-03-20 18:30 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 11:38 - 2013-03-20 04:35 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F668C72C-529A-40C8-B61E-2D034B452B16}
2014-11-11 08:52 - 2013-09-05 19:18 - 00000000 ____D () C:\Users\Transfer\Desktop\daylily sale
2014-11-11 08:06 - 2013-01-28 10:07 - 00000000 ____D () C:\Users\Transfer\Documents\1 for Jerry
2014-11-11 07:55 - 2013-04-28 17:27 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Apple Computer
2014-11-11 07:27 - 2014-08-13 06:32 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForTransfer
2014-11-11 07:27 - 2014-08-13 06:32 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForTransfer.job
2014-11-10 20:51 - 2014-02-23 22:48 - 00000000 ____D () C:\Users\Transfer\Tracing
2014-11-10 20:51 - 2014-01-06 17:51 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\TeamViewer
2014-11-10 17:33 - 2013-03-12 13:22 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-11-10 17:33 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-10 02:28 - 2013-03-20 18:07 - 00000000 ____D () C:\Users\Transfer\AppData\Local\CrashDumps
2014-11-09 11:39 - 2013-03-20 05:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-09 11:39 - 2013-03-20 05:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-09 11:37 - 2010-11-21 01:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-11-09 09:36 - 2011-02-11 11:15 - 00774592 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-11-09 09:28 - 2013-03-20 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-09 08:02 - 2014-06-11 09:20 - 00043832 _____ () C:\windows\PFRO.log
2014-11-09 08:00 - 2014-01-14 12:44 - 00000000 ____D () C:\AdwCleaner
2014-11-08 23:01 - 2013-02-24 20:01 - 00000000 ____D () C:\Users\Transfer\Documents\1nursery information
2014-11-08 20:45 - 2013-07-13 17:49 - 00000000 ____D () C:\Users\Regina\AppData\Local\WinZip
2014-11-08 20:45 - 2013-03-24 18:51 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Google
2014-11-08 20:45 - 2013-03-19 17:35 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Apple Computer
2014-11-08 19:15 - 2014-05-22 03:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-08 11:59 - 2014-05-22 03:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 11:34 - 2013-08-27 17:50 - 00000000 ____D () C:\Users\Transfer\AppData\Local\PokerStars.NET
2014-11-08 11:34 - 2013-03-20 04:45 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Adobe
2014-11-08 11:24 - 2013-03-19 17:42 - 00000000 ____D () C:\Users\Transfer\AppData\Local\VirtualStore
2014-11-07 19:30 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 17:55 - 2014-08-20 12:55 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Adobe
2014-11-07 15:44 - 2014-04-24 04:35 - 00001267 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-11-07 15:44 - 2014-01-22 10:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-07 15:43 - 2014-01-22 10:25 - 00001336 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-11-07 15:42 - 2014-02-23 22:44 - 00002448 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-07 15:40 - 2013-03-12 13:30 - 00001420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-07 13:09 - 2014-05-22 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 13:09 - 2013-05-07 17:51 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 20:52 - 2014-06-05 07:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-06 20:52 - 2014-03-03 09:02 - 00000000 ____D () C:\ProgramData\PTC
2014-11-06 20:52 - 2013-03-12 13:27 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-11-06 20:52 - 2013-03-12 13:16 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-06 20:51 - 2013-05-07 18:18 - 00000000 ____D () C:\ProgramData\Blio
2014-11-06 20:51 - 2013-03-27 13:02 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-11-05 07:11 - 2013-03-25 12:24 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-05 07:11 - 2013-03-20 15:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-04 14:30 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-28 08:53 - 2013-03-20 20:54 - 00004152 _____ () C:\windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2014-10-28 08:53 - 2013-03-20 20:54 - 00002094 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-10-28 07:59 - 2013-04-28 17:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-27 13:25 - 2009-09-05 15:56 - 00000000 ____D () C:\Users\Transfer\Documents\My Scans
2014-10-24 02:47 - 2014-03-28 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 08:02 - 2013-08-20 08:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-20 20:23 - 2014-10-01 09:42 - 00000000 ____D () C:\Users\Transfer\Documents\jess chevy
2014-10-18 09:13 - 2014-08-08 08:17 - 00000000 ____D () C:\Users\Transfer\Documents\Jess Stuff
2014-10-15 14:14 - 2009-07-13 23:08 - 00032602 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-14 19:28 - 2013-03-24 19:46 - 00121344 ___SH () C:\Users\Transfer\Documents\Thumbs.db

Files to move or delete:
====================
C:\Users\Transfer\hpothb07.dat

Some content of TEMP:
====================
C:\Users\Transfer\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Transfer\AppData\Local\Temp\sfextra.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 17:10

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Transfer at 2014-11-13 06:20:19
Running from C:\Users\Transfer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4189 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Calendar #1 [ENU] (HKLM-x32\...\{11420356-8C63-4B6F-9D6E-B2B5E5E8CC2D}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Caution (HKLM-x32\...\{83640671-5F02-4528-82B4-1F4637699C38}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Christmas [ENU] (HKLM-x32\...\{85C58A5E-5DBE-4A4C-B920-BEEE647F24B8}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Crafting [ENU] (HKLM-x32\...\{88AEF6A9-EC6A-4C3E-9AF9-094573E06C27}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #1 [ENU] (HKLM-x32\...\{7ED7C719-8DAA-4B1C-A19C-8C22D7EC1090}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #2 [ENU] (HKLM-x32\...\{9AF924BE-DC17-4893-9FB9-BA57AFB70CD3}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Eco (HKLM-x32\...\{13967EAF-6FE3-4394-ACAD-326C463FB6D4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Facility #1 [ENU] (HKLM-x32\...\{7E5902CB-8ED3-4B7C-9FDF-2D7CBFC96512}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Files (HKLM-x32\...\{B9AA72E1-DDB0-4344-9FFA-11545382ECB5}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Halloween [ENU] (HKLM-x32\...\{F72DCCC0-60E3-4E2C-9EA6-FFBF60507DCE}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Holiday #1 [ENU] (HKLM-x32\...\{3C7CAD9F-5967-4993-899A-C449BA9E9C74}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Office Signage (HKLM-x32\...\{58A7A4BA-AB8F-410F-963D-0BB3E73389F7}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal #3 [ENU] (HKLM-x32\...\{ED13E571-7997-4C44-896D-297C09047B64}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal (HKLM-x32\...\{B24F0BA7-A962-47D2-A4E6-0E3AFCE8D874}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal Files [ENU] (HKLM-x32\...\{315CF84A-788E-4C14-8511-58BD81D2CD0E}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #3 [ENU] (HKLM-x32\...\{395D8D04-902F-44A5-AC57-51CA2377D074}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #4 [ENU] (HKLM-x32\...\{7B4170CA-3C13-4A4F-97F5-E90E0038E9A4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail (HKLM-x32\...\{CDE0AEA2-2F2F-4894-987F-5BE954E578A8}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Shipping (HKLM-x32\...\{C99C37D6-6ADA-4CDF-971E-46DCB1E743CE}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Valentine's Day [ENU] (HKLM-x32\...\{2A30091B-C0FA-45AD-BA11-427FBF0B8313}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Canon MX420 series User Registration (HKLM-x32\...\Canon MX420 series User Registration) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.0 build 4390 (Sep-29-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6395.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pantech PCSuite (HKLM-x32\...\{8D87D9CA-B4AC-4851-8EC9-1F7E2958B919}) (Version: 1.0 - Pantech)
Pantech PCSuite (x32 Version: 1.0 - Pantech) Hidden
Pantech Unified USB Driver Ver1 (HKLM\...\{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}) (Version: 4.12.9.0 - Pantech)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plant Tag N Track 2.0.4.3 (HKLM-x32\...\Plant Tag N Track) (Version: 2.0.4.3 - PTC Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
Python 2.7 pycairo-1.8.10 (HKLM-x32\...\{6CCC1913-1290-4141-9E18-19CE7808F1F6}) (Version: 1.8.10 - UNKNOWN)
Python 2.7 pygobject-2.28.3 (HKLM-x32\...\{72A14C41-6042-4A19-BE4A-79B526DA2E64}) (Version: 2.28.3 - Johan Dahlin)
Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Update Wizard (Redist) 4.5 (HKLM-x32\...\Software Update Wizard (Redist)) (Version: 4.5 - PowerProgrammer)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Static Windows Live Mail Backup 2.9 (HKLM-x32\...\Static Windows Live Mail Backup_is1) (Version:  - StaticBackup Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-11-2014 09:00:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-09 11:29 - 00450713 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00D3CDE8-8909-4CD4-BFD1-778DDE8B5B7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {0833C03D-5F7C-499F-952B-5C52190FE123} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {0D7858B6-C72F-46F5-A32C-3B8F5531376F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {160F86DE-B0B8-4CB4-AEB5-9AA9144E978A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {19FE4335-2B87-43A1-9FA1-1FE7952A3FB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {24EF50C9-CA61-4D64-90B0-5D7B65501976} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {25AD57C5-3262-4E21-B4EA-99D58679524C} - System32\Tasks\Regular disk cleanup => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)
Task: {26FE6CE8-09CD-4631-B866-EEDF7FE7045B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {304046C0-743C-4BC7-9923-B56D5427CC6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {481F8509-397A-46CB-8BD8-04487DBC9A8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4B77E94B-F695-478E-9D77-0B93B852C33F} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {4DF54EC4-CAEC-463A-B469-F6BA6B354763} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4FD0670A-006B-467D-B3EE-942A00B7D241} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {56E20C5D-1687-470B-BC1C-E63EFD27358A} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {95083EED-AE73-4B75-B0F2-DAF23D6463CA} - System32\Tasks\HPCeeScheduleForTransfer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A171D177-8F81-49CA-8D1D-F67A73888237} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {A7B8A7D8-E631-458C-95CB-6186B7E8AA7E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {C2D2420D-BACF-48A3-B687-685444F39ED6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {CB85FF9B-2E34-4D67-8105-27D70EB0E52D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D9562D16-F8ED-4D3C-B439-96CD0BB13BC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EC83A085-5145-49BE-8CE7-AEEBE0539D32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {F6689B2D-1AF8-453D-93A8-F61A1425E398} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTransfer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-03-28 19:36 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-24 02:45 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-09 09:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-09 09:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-09 09:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-09 09:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-09 09:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPAuto => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WebUpdate4 => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPSYSDRV => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-926090934-439431683-2122779614-500 - Administrator - Disabled)
Guest (S-1-5-21-926090934-439431683-2122779614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-926090934-439431683-2122779614-1003 - Limited - Enabled)
Regina (S-1-5-21-926090934-439431683-2122779614-1001 - Limited - Enabled) => C:\Users\Regina
Transfer (S-1-5-21-926090934-439431683-2122779614-1004 - Administrator - Enabled) => C:\Users\Transfer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 02:28:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:43:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x16b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 08:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x5b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 05:53:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00354c5c
Faulting process id: 0x7a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 05:31:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x1e1c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 02:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x000a326e
Faulting process id: 0x1404
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 02:25:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 4.19.0.4867 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1920

Start Time: 01cffc56b9739cf5

Termination Time: 3

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 5542c903-684e-11e4-90c7-6c3be53a41cd

Error: (11/09/2014 07:04:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc00000fd
Fault offset: 0x000b183f
Faulting process id: 0x21b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/12/2014 03:22:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/12/2014 02:22:44 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/10/2014 09:42:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 06:17:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/10/2014 04:54:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 04:54:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 03:16:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/09/2014 02:26:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/09/2014 01:52:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/09/2014 11:42:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (05/12/2014 02:14:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2612 seconds with 1320 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 6032.01 MB
Available physical RAM: 2920.29 MB
Total Pagefile: 11976.19 MB
Available Pagefile: 9143.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.79 GB) (Free:693.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.5 GB) (Free:2.02 GB) NTFS
Drive e: (--verify) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA4F8EFA)

Partition: GPT Partition Type.

==================== End Of Log ============================

ID Tool Results

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 11/13/2014 6:32:20 AM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible CryptoWall Flag , HKCU\Software\D731768501A10C5051CDC3F835FD76F5\133555678CCDDFFF
 


Hello Nathan,

Thanks for your help.

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Transfer (administrator) on REGINA-HP on 13-11-2014 06:19:04
Running from C:\Users\Transfer\Desktop
Loaded Profile: Transfer (Available profiles: Regina & Transfer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware2\SUPERANTISPYWARE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter\SmartCenter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\TSUpdates\TSUpdatesCheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-09-29] (Carbonite, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware2\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\RunOnce: [Uninstall C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM - {79563D26-64E1-4463-B559-172EDDB200C6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {79563D26-64E1-4463-B559-172EDDB200C6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [412776 2013-11-25] (Data Perceptions / PowerProgrammer)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2014-01-13] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [106096 2013-05-21] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNVSP; C:\Windows\System32\DRIVERS\PSMNVSP.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 06:19 - 2014-11-13 06:19 - 00018560 _____ () C:\Users\Transfer\Desktop\FRST.txt
2014-11-13 06:15 - 2014-11-13 06:15 - 02116096 _____ (Farbar) C:\Users\Transfer\Desktop\FRST64.exe
2014-11-12 17:15 - 2014-11-12 17:15 - 00000000 __SHD () C:\Users\Transfer\AppData\Local\EmieBrowserModeList
2014-11-11 13:31 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-11 13:31 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-11 13:31 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-11 13:31 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-11 13:31 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-11 13:31 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-11 13:31 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-11 13:31 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-11 13:31 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-11 13:31 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-11 13:31 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-11 13:31 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-11 13:31 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-11 13:31 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-11 13:31 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-11 13:31 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-11 13:31 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-11 13:31 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-11 13:31 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-11 13:31 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-11 13:31 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-11 13:31 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-11 13:31 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-11 13:31 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-11 13:31 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-11 13:31 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 13:31 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-11 13:31 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-11 13:31 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-11 13:31 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-11 13:31 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-11 13:31 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-11 13:31 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-11 13:31 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-11 13:31 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-11 13:31 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-11 13:31 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 13:31 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-11 13:31 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-11 13:31 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-11 13:31 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-11 13:31 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-11 13:31 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-11 13:31 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-11 13:31 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-11 13:31 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-11 13:31 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-11 13:31 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-11 13:31 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-11 13:31 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-11 13:31 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-11 13:31 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-11 13:31 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-11 13:31 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-11 13:31 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-11 13:31 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-11 13:31 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 13:31 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 13:31 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 13:31 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 13:31 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 13:31 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 13:31 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 13:31 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 13:31 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 13:31 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 13:31 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 13:31 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 13:29 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 13:29 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 13:29 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 13:29 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 13:29 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 13:29 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 13:29 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 13:29 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 13:29 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 13:29 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 13:29 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 13:28 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 13:28 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 13:28 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 13:28 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 13:28 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 13:28 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 13:28 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 07:44 - 2014-11-11 07:44 - 02174848 _____ () C:\Users\Transfer\Downloads\instsf450.exe
2014-11-11 07:44 - 2014-11-11 07:44 - 00000969 _____ () C:\Users\Transfer\Desktop\SpeedFan.lnk
2014-11-11 07:44 - 2014-11-11 07:44 - 00000969 _____ () C:\Users\Regina\Desktop\SpeedFan.lnk
2014-11-11 07:44 - 2014-11-11 07:44 - 00000045 _____ () C:\windows\SysWOW64\initdebug.nfo
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-11 07:44 - 2014-11-11 07:44 - 00000000 _____ () C:\Users\Transfer\Desktop\initdebug.nfo
2014-11-10 23:11 - 2014-11-10 23:11 - 00000000 ____D () C:\Users\Transfer\Documents\ProcAlyzer Dumps
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-09 21:07 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-09 21:07 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-09 21:07 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-11-09 21:07 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-11-09 11:29 - 2014-11-09 11:28 - 00450713 ____R () C:\windows\system32\Drivers\etc\hosts.20141109-112911.backup
2014-11-09 11:28 - 2009-06-10 15:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20141109-112846.backup
2014-11-09 09:39 - 2014-11-09 09:39 - 00024322 _____ () C:\Users\Transfer\Documents\cc_20141109_093919.reg
2014-11-09 09:28 - 2014-11-09 09:28 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-11-09 09:27 - 2014-11-09 11:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-09 09:27 - 2014-11-09 09:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-09 09:27 - 2014-11-09 09:27 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-09 09:27 - 2014-11-09 09:27 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-09 09:27 - 2014-11-09 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-09 09:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-11-09 09:21 - 2014-11-09 09:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Transfer\Downloads\spybot-2.4.exe
2014-11-09 09:21 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-11-09 09:21 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-11-09 09:15 - 2014-11-09 09:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Transfer\Downloads\SpyHunter-Installer.exe
2014-11-09 09:03 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-11-09 09:03 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-11-09 09:03 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-11-09 09:03 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-11-09 09:03 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-11-09 09:03 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-11-09 09:03 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-11-09 09:03 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-11-09 09:01 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-11-09 09:01 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-11-09 08:18 - 2014-11-09 08:18 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-11-09 08:18 - 2014-11-09 08:18 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-09 08:18 - 2014-11-09 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-09 08:18 - 2014-11-09 08:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 08:08 - 2014-11-13 06:19 - 00000000 ____D () C:\FRST
2014-11-09 07:57 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-09 07:56 - 2014-11-13 06:16 - 00000000 ____D () C:\Users\Transfer\Desktop\FIX MY COMPUTER
2014-11-09 07:56 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-11-09 07:56 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-11-09 07:56 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-11-09 07:56 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-11-09 07:56 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-11-09 07:56 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-11-09 07:56 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-11-09 07:56 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-11-09 07:56 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-11-09 07:56 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-11-09 07:56 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-11-09 07:56 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-11-09 07:56 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-11-09 07:56 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-11-09 07:56 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-09 07:56 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-09 07:56 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-11-09 07:56 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-09 07:56 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-09 07:55 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-11-09 07:55 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-11-09 07:55 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-09 07:55 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-11-09 07:55 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-11-09 07:55 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-11-09 07:55 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-11-09 07:55 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-11-09 07:55 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-11-09 07:54 - 2014-11-09 07:54 - 02145792 _____ () C:\Users\Transfer\Desktop\adwcleaner_4.100.exe
2014-11-09 07:53 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-09 07:53 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-09 07:53 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-11-09 07:53 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-11-09 07:50 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-11-09 07:50 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-11-08 23:02 - 2014-11-08 23:02 - 00000000 ____D () C:\windows\ERUNT
2014-11-08 21:31 - 2014-11-08 21:31 - 01706808 _____ (Thisisu) C:\Users\Transfer\Desktop\JRT.exe
2014-11-08 21:00 - 2014-11-08 21:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Transfer\Downloads\rkill.exe
2014-11-08 11:06 - 2014-11-08 11:06 - 01998336 _____ () C:\Users\Transfer\Downloads\adwcleaner_4.002.exe
2014-11-08 10:51 - 2014-11-08 10:51 - 11222744 _____ (SurfRight B.V.) C:\Users\Transfer\Downloads\HitmanPro_x64 (1).exe
2014-11-07 19:40 - 2014-11-07 19:40 - 00000000 _____ () C:\autoexec.bat
2014-11-07 19:22 - 2014-11-07 19:22 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Transfer\Downloads\tdsskiller (1).exe
2014-11-07 15:53 - 2014-11-07 16:01 - 29746732 _____ () C:\Users\Transfer\Downloads\msert.exe.yx570ie.partial
2014-11-07 15:26 - 2014-11-07 15:26 - 00000383 _____ () C:\windows\DirectX.log
2014-11-07 13:31 - 2014-11-07 13:31 - 00002234 _____ () C:\Users\Transfer\Documents\scan results 110714.csv
2014-11-06 21:08 - 2014-11-06 21:08 - 00008536 _____ () C:\Users\Regina\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-06 21:08 - 2014-11-06 21:08 - 00004208 _____ () C:\Users\Regina\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-06 21:06 - 2014-11-06 21:06 - 00008536 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-06 21:06 - 2014-11-06 21:06 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-06 20:52 - 2014-11-06 20:52 - 00008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-06 20:52 - 2014-11-06 20:52 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-06 20:52 - 2014-11-06 20:52 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-11-06 20:27 - 2014-11-06 20:29 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\FrameworkUpdate7
2014-11-06 20:26 - 2014-11-06 20:29 - 00000000 ___HD () C:\d731768
2014-11-06 20:26 - 2014-11-06 20:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-28 08:53 - 2014-10-28 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-10-28 08:48 - 2014-07-07 08:45 - 00010240 _____ () C:\Users\Transfer\AppData\Local\Z@S!-f5fb6e40-26a7-40f3-a3e4-54ef1da495b8.tmp
2014-10-28 08:48 - 2014-07-07 08:45 - 00009216 _____ () C:\Users\Transfer\AppData\Local\Z@!-662a0e4f-668f-4a47-b230-adf79c38953f.tmp
2014-10-28 08:01 - 2014-10-28 08:01 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-28 08:01 - 2014-10-28 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-28 08:01 - 2014-10-28 08:01 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-28 07:59 - 2014-10-28 07:59 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files\iTunes
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 07:59 - 2014-10-28 07:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 09:12 - 2014-10-18 09:12 - 00000000 ____D () C:\Users\Transfer\Documents\New folder (2)
2014-10-14 19:05 - 2014-10-14 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-14 19:02 - 2014-10-28 07:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 06:00 - 2013-05-03 16:23 - 01281536 ___SH () C:\Users\Transfer\Desktop\Thumbs.db
2014-11-13 05:52 - 2013-03-24 18:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 04:57 - 2014-01-13 11:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-13 04:46 - 2013-03-19 13:39 - 01361845 _____ () C:\windows\WindowsUpdate.log
2014-11-13 01:13 - 2014-06-05 07:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2
2014-11-13 00:52 - 2013-03-24 18:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 00:50 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 00:50 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 00:47 - 2013-03-24 18:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 00:47 - 2013-03-24 18:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 21:23 - 2009-12-19 17:45 - 00000000 ____D () C:\Users\Transfer\Documents\1 Recipes
2014-11-12 04:00 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-12 03:30 - 2009-07-13 23:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 03:23 - 2014-06-11 09:20 - 00001872 _____ () C:\windows\setupact.log
2014-11-12 03:23 - 2014-02-12 10:43 - 00348440 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 03:23 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-12 03:21 - 2014-04-23 03:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 03:06 - 2013-03-20 18:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:04 - 2013-08-14 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 03:02 - 2013-03-20 18:30 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 11:38 - 2013-03-20 04:35 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F668C72C-529A-40C8-B61E-2D034B452B16}
2014-11-11 08:52 - 2013-09-05 19:18 - 00000000 ____D () C:\Users\Transfer\Desktop\daylily sale
2014-11-11 08:06 - 2013-01-28 10:07 - 00000000 ____D () C:\Users\Transfer\Documents\1 for Jerry
2014-11-11 07:55 - 2013-04-28 17:27 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Apple Computer
2014-11-11 07:27 - 2014-08-13 06:32 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForTransfer
2014-11-11 07:27 - 2014-08-13 06:32 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForTransfer.job
2014-11-10 20:51 - 2014-02-23 22:48 - 00000000 ____D () C:\Users\Transfer\Tracing
2014-11-10 20:51 - 2014-01-06 17:51 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\TeamViewer
2014-11-10 17:33 - 2013-03-12 13:22 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-11-10 17:33 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-10 02:28 - 2013-03-20 18:07 - 00000000 ____D () C:\Users\Transfer\AppData\Local\CrashDumps
2014-11-09 11:39 - 2013-03-20 05:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-09 11:39 - 2013-03-20 05:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-09 11:37 - 2010-11-21 01:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2014-11-09 11:37 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-11-09 09:36 - 2011-02-11 11:15 - 00774592 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-11-09 09:28 - 2013-03-20 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-09 08:02 - 2014-06-11 09:20 - 00043832 _____ () C:\windows\PFRO.log
2014-11-09 08:00 - 2014-01-14 12:44 - 00000000 ____D () C:\AdwCleaner
2014-11-08 23:01 - 2013-02-24 20:01 - 00000000 ____D () C:\Users\Transfer\Documents\1nursery information
2014-11-08 20:45 - 2013-07-13 17:49 - 00000000 ____D () C:\Users\Regina\AppData\Local\WinZip
2014-11-08 20:45 - 2013-03-24 18:51 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Google
2014-11-08 20:45 - 2013-03-19 17:35 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Apple Computer
2014-11-08 19:15 - 2014-05-22 03:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-08 11:59 - 2014-05-22 03:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 11:34 - 2013-08-27 17:50 - 00000000 ____D () C:\Users\Transfer\AppData\Local\PokerStars.NET
2014-11-08 11:34 - 2013-03-20 04:45 - 00000000 ____D () C:\Users\Transfer\AppData\Roaming\Adobe
2014-11-08 11:24 - 2013-03-19 17:42 - 00000000 ____D () C:\Users\Transfer\AppData\Local\VirtualStore
2014-11-07 19:30 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 17:55 - 2014-08-20 12:55 - 00000000 ____D () C:\Users\Transfer\AppData\Local\Adobe
2014-11-07 15:44 - 2014-04-24 04:35 - 00001267 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-11-07 15:44 - 2014-01-22 10:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-07 15:43 - 2014-01-22 10:25 - 00001336 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-11-07 15:42 - 2014-02-23 22:44 - 00002448 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-07 15:40 - 2013-03-12 13:30 - 00001420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-07 13:09 - 2014-05-22 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 13:09 - 2013-05-07 17:51 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 20:52 - 2014-06-05 07:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-06 20:52 - 2014-03-03 09:02 - 00000000 ____D () C:\ProgramData\PTC
2014-11-06 20:52 - 2013-03-12 13:27 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-11-06 20:52 - 2013-03-12 13:16 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-06 20:51 - 2013-05-07 18:18 - 00000000 ____D () C:\ProgramData\Blio
2014-11-06 20:51 - 2013-03-27 13:02 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-11-05 07:11 - 2013-03-25 12:24 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-05 07:11 - 2013-03-20 15:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-04 14:30 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-28 08:53 - 2013-03-20 20:54 - 00004152 _____ () C:\windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2014-10-28 08:53 - 2013-03-20 20:54 - 00002094 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-10-28 07:59 - 2013-04-28 17:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-27 13:25 - 2009-09-05 15:56 - 00000000 ____D () C:\Users\Transfer\Documents\My Scans
2014-10-24 02:47 - 2014-03-28 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 08:02 - 2013-08-20 08:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-20 20:23 - 2014-10-01 09:42 - 00000000 ____D () C:\Users\Transfer\Documents\jess chevy
2014-10-18 09:13 - 2014-08-08 08:17 - 00000000 ____D () C:\Users\Transfer\Documents\Jess Stuff
2014-10-15 14:14 - 2009-07-13 23:08 - 00032602 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-14 19:28 - 2013-03-24 19:46 - 00121344 ___SH () C:\Users\Transfer\Documents\Thumbs.db

Files to move or delete:
====================
C:\Users\Transfer\hpothb07.dat

Some content of TEMP:
====================
C:\Users\Transfer\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Transfer\AppData\Local\Temp\sfextra.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 17:10

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Transfer at 2014-11-13 06:20:19
Running from C:\Users\Transfer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4189 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Calendar #1 [ENU] (HKLM-x32\...\{11420356-8C63-4B6F-9D6E-B2B5E5E8CC2D}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Caution (HKLM-x32\...\{83640671-5F02-4528-82B4-1F4637699C38}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Christmas [ENU] (HKLM-x32\...\{85C58A5E-5DBE-4A4C-B920-BEEE647F24B8}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Crafting [ENU] (HKLM-x32\...\{88AEF6A9-EC6A-4C3E-9AF9-094573E06C27}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #1 [ENU] (HKLM-x32\...\{7ED7C719-8DAA-4B1C-A19C-8C22D7EC1090}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #2 [ENU] (HKLM-x32\...\{9AF924BE-DC17-4893-9FB9-BA57AFB70CD3}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Eco (HKLM-x32\...\{13967EAF-6FE3-4394-ACAD-326C463FB6D4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Facility #1 [ENU] (HKLM-x32\...\{7E5902CB-8ED3-4B7C-9FDF-2D7CBFC96512}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Files (HKLM-x32\...\{B9AA72E1-DDB0-4344-9FFA-11545382ECB5}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Halloween [ENU] (HKLM-x32\...\{F72DCCC0-60E3-4E2C-9EA6-FFBF60507DCE}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Holiday #1 [ENU] (HKLM-x32\...\{3C7CAD9F-5967-4993-899A-C449BA9E9C74}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Office Signage (HKLM-x32\...\{58A7A4BA-AB8F-410F-963D-0BB3E73389F7}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal #3 [ENU] (HKLM-x32\...\{ED13E571-7997-4C44-896D-297C09047B64}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal (HKLM-x32\...\{B24F0BA7-A962-47D2-A4E6-0E3AFCE8D874}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal Files [ENU] (HKLM-x32\...\{315CF84A-788E-4C14-8511-58BD81D2CD0E}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #3 [ENU] (HKLM-x32\...\{395D8D04-902F-44A5-AC57-51CA2377D074}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #4 [ENU] (HKLM-x32\...\{7B4170CA-3C13-4A4F-97F5-E90E0038E9A4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail (HKLM-x32\...\{CDE0AEA2-2F2F-4894-987F-5BE954E578A8}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Shipping (HKLM-x32\...\{C99C37D6-6ADA-4CDF-971E-46DCB1E743CE}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Valentine's Day [ENU] (HKLM-x32\...\{2A30091B-C0FA-45AD-BA11-427FBF0B8313}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Canon MX420 series User Registration (HKLM-x32\...\Canon MX420 series User Registration) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.0 build 4390 (Sep-29-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6395.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pantech PCSuite (HKLM-x32\...\{8D87D9CA-B4AC-4851-8EC9-1F7E2958B919}) (Version: 1.0 - Pantech)
Pantech PCSuite (x32 Version: 1.0 - Pantech) Hidden
Pantech Unified USB Driver Ver1 (HKLM\...\{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}) (Version: 4.12.9.0 - Pantech)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plant Tag N Track 2.0.4.3 (HKLM-x32\...\Plant Tag N Track) (Version: 2.0.4.3 - PTC Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
Python 2.7 pycairo-1.8.10 (HKLM-x32\...\{6CCC1913-1290-4141-9E18-19CE7808F1F6}) (Version: 1.8.10 - UNKNOWN)
Python 2.7 pygobject-2.28.3 (HKLM-x32\...\{72A14C41-6042-4A19-BE4A-79B526DA2E64}) (Version: 2.28.3 - Johan Dahlin)
Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Update Wizard (Redist) 4.5 (HKLM-x32\...\Software Update Wizard (Redist)) (Version: 4.5 - PowerProgrammer)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Static Windows Live Mail Backup 2.9 (HKLM-x32\...\Static Windows Live Mail Backup_is1) (Version:  - StaticBackup Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-926090934-439431683-2122779614-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-11-2014 09:00:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-09 11:29 - 00450713 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00D3CDE8-8909-4CD4-BFD1-778DDE8B5B7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {0833C03D-5F7C-499F-952B-5C52190FE123} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {0D7858B6-C72F-46F5-A32C-3B8F5531376F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {160F86DE-B0B8-4CB4-AEB5-9AA9144E978A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {19FE4335-2B87-43A1-9FA1-1FE7952A3FB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {24EF50C9-CA61-4D64-90B0-5D7B65501976} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {25AD57C5-3262-4E21-B4EA-99D58679524C} - System32\Tasks\Regular disk cleanup => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)
Task: {26FE6CE8-09CD-4631-B866-EEDF7FE7045B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {304046C0-743C-4BC7-9923-B56D5427CC6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {481F8509-397A-46CB-8BD8-04487DBC9A8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4B77E94B-F695-478E-9D77-0B93B852C33F} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {4DF54EC4-CAEC-463A-B469-F6BA6B354763} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4FD0670A-006B-467D-B3EE-942A00B7D241} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {56E20C5D-1687-470B-BC1C-E63EFD27358A} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {95083EED-AE73-4B75-B0F2-DAF23D6463CA} - System32\Tasks\HPCeeScheduleForTransfer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A171D177-8F81-49CA-8D1D-F67A73888237} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {A7B8A7D8-E631-458C-95CB-6186B7E8AA7E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {C2D2420D-BACF-48A3-B687-685444F39ED6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {CB85FF9B-2E34-4D67-8105-27D70EB0E52D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D9562D16-F8ED-4D3C-B439-96CD0BB13BC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EC83A085-5145-49BE-8CE7-AEEBE0539D32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {F6689B2D-1AF8-453D-93A8-F61A1425E398} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTransfer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-03-28 19:36 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-24 02:45 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-09 09:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-09 09:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-09 09:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-09 09:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-09 09:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPAuto => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WebUpdate4 => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPSYSDRV => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-926090934-439431683-2122779614-500 - Administrator - Disabled)
Guest (S-1-5-21-926090934-439431683-2122779614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-926090934-439431683-2122779614-1003 - Limited - Enabled)
Regina (S-1-5-21-926090934-439431683-2122779614-1001 - Limited - Enabled) => C:\Users\Regina
Transfer (S-1-5-21-926090934-439431683-2122779614-1004 - Administrator - Enabled) => C:\Users\Transfer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 02:28:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:43:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x16b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 08:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x5b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 05:53:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00354c5c
Faulting process id: 0x7a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 05:31:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x1e1c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 02:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x000a326e
Faulting process id: 0x1404
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 02:25:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 4.19.0.4867 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1920

Start Time: 01cffc56b9739cf5

Termination Time: 3

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 5542c903-684e-11e4-90c7-6c3be53a41cd

Error: (11/09/2014 07:04:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc00000fd
Fault offset: 0x000b183f
Faulting process id: 0x21b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/12/2014 03:22:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/12/2014 02:22:44 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/10/2014 09:42:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 06:17:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/10/2014 04:54:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 04:54:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/10/2014 03:16:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/09/2014 02:26:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/09/2014 01:52:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/09/2014 11:42:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (05/12/2014 02:14:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2612 seconds with 1320 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 6032.01 MB
Available physical RAM: 2920.29 MB
Total Pagefile: 11976.19 MB
Available Pagefile: 9143.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.79 GB) (Free:693.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.5 GB) (Free:2.02 GB) NTFS
Drive e: (--verify) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA4F8EFA)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

ID Tool Results

 

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 11/13/2014 6:32:20 AM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible CryptoWall Flag , HKCU\Software\D731768501A10C5051CDC3F835FD76F5\133555678CCDDFFF
 



#10 Naathim


Posted 13 November 2014 - 08:40 AM

Hi :)
 
Unfortunately the CryptoWall presence is confirmed. Sorry to hear about that :(
 
I don't see any obvious malware in FRST logs, but I'd like you to perform a general scan with this second opinion scanner.



Scan with HerdProtect

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

  • Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
  • Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.
Please include the contents of that report in your next reply.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 trashywoman


Posted 13 November 2014 - 09:09 AM

Ok was able to disable AVG but found no setting to disable spybot or malwarebytes or CCleaner is not set to start when computer starts. I think I had previously disabled that in the start up folder for spybot too but not sure about Malwarebytes.

 

If I have the cryptowall why do my files all open up? I haven't found any that don't open. And never received the window opening on my desktop with the instructions. I found that myself while looking thru the files. I never clicked on the link that was in that *.txt file and deleted all the references that said TOR Install.exe.



#12 trashywoman


Posted 13 November 2014 - 09:28 AM

Well just going to scan anyway. I have followed all directions about disabling other scanners, must not have them enabled.



#13 trashywoman


Posted 13 November 2014 - 10:18 AM

I got a message from Herd that a second scan was necessary in about an hour. Here are the scan results and a picture of the message. Do I go ahead with the 2nd scan?

 

And what is with those porn sites listed? I don't think I have ever looked at those sites even out of curiosity.

 

Attached file: HERD message after 1st scan.JPG (45.25KB)

 

1st scan results

 

Saved date:    11/13/2014 9:04:15 AM
Files detected:  32
Files scanned:   10,228
Processes scanned:  56
Modules scanned:  723
ASEPs scanned:   446
Downloads scanned:  0
Deep analysis:   43/4
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\spybot - search & destroy 2\av\scan.dll
Publisher:   BitDefender
Signer:   BitDefender SRL
MD5:    9b375bb63f99b113c065a5db4e632e23
SHA-1:    115edae4e06227fe6f8c66b28557a67b8c3218aa
Created:   11/9/2014 9:27:35 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
Publisher:   Hewlett-Packard Company
MD5:    2a8b93a01621e100a578e83c768afa2c
SHA-1:    0d2c353f155651e6834ce40170f2e3385e0d287a
Created:   11/4/2013 6:31:56 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.Service.HewlettPackardCompany.M

---------------------------------------------------------------------------------

File path:   c:\program files\idt\wdm\stacsv64.exe
Publisher:   IDT, Inc.
MD5:    605eccce95acf7af12cbccdab55b8dd0
SHA-1:    6d8c413093e58fa8579d3809dbd48363ed08307c
Created:   1/14/2014 12:55:40 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.Clodbae.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\webupdatesvc4.exe
Publisher:   Data Perceptions / PowerProgrammer
Signer:   Data Perceptions
MD5:    6690fafc9f2c0df23dd88953c010cfeb
SHA-1:    7c8b2467559d7563181ed247346adf63ecfedba4
Created:   11/25/2013 1:33:58 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.Service.DataPerceptions.N

---------------------------------------------------------------------------------

File path:   c:\users\transfer\appdata\local\temp\jrt\nircmd.dat
Publisher:   NirSoft
MD5:    466a42aea0abdf4c6b610f0f5e61cfa2
SHA-1:    7e7998642babcb567ff7845cfaf4f3636ce209f7
Created:   11/11/2014 8:04:32 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - ViRobot as RiskTool.Nircmd.43520

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\adwcleaner_4.002.exe
Publisher:   
MD5:    ff33d8cdf04b1d15f3808d49406bea43
SHA-1:    a84f23127df8df711358ed795b2e1840ddabcfa0
Created:   11/8/2014 11:06:44 AM
Detections:   2
Determination:   Ignore detections (false positive)
   - AegisLab AV Signature as Troj.MSIL.Disfa (Undefined)
   - Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\avery wizard 5.0_20140331.exe
Publisher:   Avery Dennison Corp.
Signer:   Avery Products Corporation
MD5:    4c983af38001a50edec1ef988960f527
SHA-1:    f0e3c686b8f0cd9222421559887ecced81d33f3a
Created:   7/10/2014 5:14:46 PM
Detections:   1
Determination:   Inconclusive
   - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\install\hl-2240\setup.exe
Publisher:   Brother Industories, Ltd.
MD5:    5b501af446cf579fe3e135001e2eaf0d
SHA-1:    53f6233ad2fd01234478acf09c686780216471f0
Created:   4/6/2014 2:58:11 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - NANO AntiVirus as Trojan.Win32.Huhk.crkkle (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\desktop\adwcleaner_4.100.exe
Publisher:   
MD5:    92b980c37f4c56498c65265be033e42d
SHA-1:    42beff9cd2a8bc0240774417872682af18a3168b
Created:   11/9/2014 7:54:12 AM
Detections:   3
Determination:   Inconclusive
   - Total Defense as Win32/Tnega.AWJH (Undefined)
   - Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)
   - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brdctf2.dll
Publisher:   Brother Industries Ltd.
MD5:    5790dd6c789efd358cb8e904e22e5105
SHA-1:    ed034edebb14ac3146335da3806560f454f5e5bb
Created:   4/6/2014 3:27:45 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brosnmp.dll
Publisher:   Brother Industries, Ltd.
MD5:    38e5e24bede6f59afc648cb7ef897d69
SHA-1:    c91eb7b475bb6857636c2c3e6fa43feec62da889
Created:   2/5/2010 1:42:32 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brrbtool.exe
Publisher:   Brother Industries Ltd
Signer:   Brother Industries, ltd.
MD5:    06872311905299ba7fe505ced6c1f99a
SHA-1:    3419e4f4f8780dc96167cd172aecc6f430fc48da
Created:   4/6/2014 2:43:23 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\bwcontexthandler.dll
Publisher:   
MD5:    f4a1b4d4ccfd8eeef0259fae58cfae5c
SHA-1:    0136a1323e4f85c773e86e62caeb6dc90182179b
Created:   7/13/2009 6:42:10 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Gen:Variant.Kazy.182960 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\iscsicpl.dll
Publisher:   Microsoft Corporation
MD5:    f945adcef203e6104aec8ec9c337cfd0
SHA-1:    85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:   7/13/2009 6:46:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\melodysource.ax
Publisher:   InterObject Ltd.
MD5:    68a754d4c37661f9aa5fdab04a1997fa
SHA-1:    dd9ac9a64a36beb4861d262d74b0c36c206ca103
Created:   2/16/2014 3:08:30 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Adware.Generic.667775 (Adware)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\netprof.dll
Publisher:   Microsoft Corporation
MD5:    1fda175324fac331dc41b076103e7123
SHA-1:    b791c2096df2ab3c6315e454022ac64c9fdb102d
Created:   7/13/2009 6:56:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\canonijfax\canon mx420 series fax\languagemodules\041e\cncaram.dll
Publisher:   CANON INC.
MD5:    6ded0e7a9450a0c76507673a432e53ae
SHA-1:    6f2ad7f61074dbd9d6aa7b25ca542af7c826ebf1
Created:   5/4/2013 9:25:57 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Kryptik.twk (Undefined)

---------------------------------------------------------------------------------

File path:   c:\programdata\canonijfax\canon mx420 series fax\languagemodules\041e\cncaram.dll
Publisher:   CANON INC.
MD5:    6ded0e7a9450a0c76507673a432e53ae
SHA-1:    6f2ad7f61074dbd9d6aa7b25ca542af7c826ebf1
Created:   5/4/2013 9:25:57 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Kryptik.twk (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\32\bin\libpangocairo-1.0-0.dll
Publisher:   Red Hat Software
MD5:    12c64366d468ffcbe7cabd26f0c93573
SHA-1:    e57e284f731ee1d8c81aad000e300fbbbb3d1d29
Created:   6/15/2013 8:25:27 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\bin\libgimpcolor-2.0-0.dll
Publisher:   
Signer:   Open Source Developer,Jernej Simončič
MD5:    5859bcae097a34416bfa089fd0f44a0c
SHA-1:    c8611b34cccc9c622c15c30286715e44cb10f4ca
Created:   6/15/2013 8:25:32 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\uninst\unins000.exe
Publisher:   
Signer:   Open Source Developer,Jernej Simončič
MD5:    dcae21a3b9ed59ef050abd39daa50ab6
SHA-1:    022deab1a546dd83490d7501759469174ae7534e
Created:   6/15/2013 9:13:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\audacity\unins000.exe
Publisher:   
MD5:    8bbcd78364faf1b1a1b52738a3940d6a
SHA-1:    d7edf7739eede01ce0174d0403c2f376527e804f
Created:   3/9/2014 5:29:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\avg\avg2013\avgdumpx.exe
Publisher:   AVG Technologies CZ, s.r.o.
Signer:   AVG Technologies CZ, s.r.o.
MD5:    05031c77d92dad682f0ee4daa9326d0f
SHA-1:    00cb4efb539ee703f8da08a692e838f675002874
Created:   10/23/2013 2:06:02 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Heur.j

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\avg\avg2013\tuneup\tumicroscanner.exe
Publisher:   
Signer:   TuneUp Software
MD5:    d7962fe828896e7571975dac30bbe049
SHA-1:    b4635a8b411e3a274042875cb741c83337ecbcbf
Created:   2/19/2013 2:10:42 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Jiangmin as Win32/Virut.bn

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher:   Brother Industries, Ltd.
MD5:    513fbc73a000369009518280bf9c64d8
SHA-1:    6f3bc5a7bf1fa5342d633db0353d78f3c19aa1a7
Created:   4/6/2014 3:27:49 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\brother\ptupdate\ptupres.dll
Publisher:   Brother Industries, Ltd.
MD5:    7e3e83c1649c7eba5d1798a853176ac8
SHA-1:    e43a7583c0315384a38595e84e7ca62e898bda03
Created:   8/6/2010 6:03:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Clam AntiVirus as PUA.Win32.Packer.Hideprotect

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brosnmp.dll
Publisher:   Brother Industries, Ltd.
MD5:    38e5e24bede6f59afc648cb7ef897d69
SHA-1:    c91eb7b475bb6857636c2c3e6fa43feec62da889
Created:   4/6/2014 3:27:50 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher:   Brother Industries, Ltd.
MD5:    b907641b954b7c8c7f81ea8679314bfd
SHA-1:    2b2df85350c0a4f90e89c4bdbcfb7e465f9592cb
Created:   4/6/2014 3:27:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brother\brnettooltrk.dll
Publisher:   Brother Industries, Ltd.
MD5:    c1d305ad95d4b9dbc5a8e496e3009beb
SHA-1:    0d6e57013162dea66b09bee48bbf984cee729d0e
Created:   4/6/2014 3:27:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Android.Adware.Wapsx (Adware)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\easy-photoprint ex\npezffpi.dll
Publisher:   CANON INC.
MD5:    ce252b04fb9f4f773a7db5338bfeea5b
SHA-1:    45b12928eb8e8b08567a9d4c00f31bf1ac3e8d3b
Created:   3/27/2013 2:04:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\my image garden\pdc.dll
Publisher:   Canon Inc.
MD5:    d872f614109caa13c648dc2fe8ebe6c5
SHA-1:    ac02f5d431ded659c9f0daee25c7253d99b00098
Created:   5/7/2014 12:30:16 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - CMC Antivirus as P2P-Worm.Win32.SpyBot!O (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\my image garden\addon\moviecapture\nsrlib.dll
Publisher:   Canon Inc.
MD5:    a067b2da5ec37a5ae0633cd544c89050
SHA-1:    40ea86161d96b629cbff3cd35d0aa86513c2c145
Created:   5/7/2014 12:30:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Pedka (Undefined)

 



#14 Naathim


Posted 13 November 2014 - 10:31 AM

Yes, please go ahead. This type of scan produces false positives quite often; the more data I have, the better opinion I can provide about your machine :)

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 trashywoman


Posted 13 November 2014 - 11:49 AM

2nd scan by herd

 

Saved date:    11/13/2014 10:47:14 AM
Files detected:  33
Files scanned:   10,259
Processes scanned:  54
Modules scanned:  756
ASEPs scanned:   446
Downloads scanned:  0
Deep analysis:   0/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\spybot - search & destroy 2\av\scan.dll
Publisher:   BitDefender
Signer:   BitDefender SRL
MD5:    9b375bb63f99b113c065a5db4e632e23
SHA-1:    115edae4e06227fe6f8c66b28557a67b8c3218aa
Created:   11/9/2014 9:27:35 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
Publisher:   Hewlett-Packard Company
MD5:    2a8b93a01621e100a578e83c768afa2c
SHA-1:    0d2c353f155651e6834ce40170f2e3385e0d287a
Created:   11/4/2013 6:31:56 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.Service.HewlettPackardCompany.M

---------------------------------------------------------------------------------

File path:   c:\program files\idt\wdm\stacsv64.exe
Publisher:   IDT, Inc.
MD5:    605eccce95acf7af12cbccdab55b8dd0
SHA-1:    6d8c413093e58fa8579d3809dbd48363ed08307c
Created:   1/14/2014 12:55:40 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.Clodbae.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\webupdatesvc4.exe
Publisher:   Data Perceptions / PowerProgrammer
Signer:   Data Perceptions
MD5:    6690fafc9f2c0df23dd88953c010cfeb
SHA-1:    7c8b2467559d7563181ed247346adf63ecfedba4
Created:   11/25/2013 1:33:58 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.Service.DataPerceptions.N

---------------------------------------------------------------------------------

File path:   c:\users\transfer\appdata\local\temp\jrt\nircmd.dat
Publisher:   NirSoft
MD5:    466a42aea0abdf4c6b610f0f5e61cfa2
SHA-1:    7e7998642babcb567ff7845cfaf4f3636ce209f7
Created:   11/11/2014 8:04:32 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - ViRobot as RiskTool.Nircmd.43520

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\adwcleaner_4.002.exe
Publisher:   
MD5:    ff33d8cdf04b1d15f3808d49406bea43
SHA-1:    a84f23127df8df711358ed795b2e1840ddabcfa0
Created:   11/8/2014 11:06:44 AM
Detections:   2
Determination:   Ignore detections (false positive)
   - AegisLab AV Signature as Troj.MSIL.Disfa (Undefined)
   - Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\avery wizard 5.0_20140331.exe
Publisher:   Avery Dennison Corp.
Signer:   Avery Products Corporation
MD5:    4c983af38001a50edec1ef988960f527
SHA-1:    f0e3c686b8f0cd9222421559887ecced81d33f3a
Created:   7/10/2014 5:14:46 PM
Detections:   1
Determination:   Inconclusive
   - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\downloads\install\hl-2240\setup.exe
Publisher:   Brother Industories, Ltd.
MD5:    5b501af446cf579fe3e135001e2eaf0d
SHA-1:    53f6233ad2fd01234478acf09c686780216471f0
Created:   4/6/2014 2:58:11 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - NANO AntiVirus as Trojan.Win32.Huhk.crkkle (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\desktop\adwcleaner_4.100.exe
Publisher:   
MD5:    92b980c37f4c56498c65265be033e42d
SHA-1:    42beff9cd2a8bc0240774417872682af18a3168b
Created:   11/9/2014 7:54:12 AM
Detections:   3
Determination:   Inconclusive
   - Total Defense as Win32/Tnega.AWJH (Undefined)
   - Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)
   - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\transfer\desktop\idtool\idtool.exe
Publisher:   NathanScott Apps
MD5:    aa916670a0e3577ed5ac3570417eb2bc
SHA-1:    d81b1e4d8c7ad0e788153dd08cbe507264c60a19
Created:   11/13/2014 6:29:22 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Vba32 AntiVirus as Downloader.Agent (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brdctf2.dll
Publisher:   Brother Industries Ltd.
MD5:    5790dd6c789efd358cb8e904e22e5105
SHA-1:    ed034edebb14ac3146335da3806560f454f5e5bb
Created:   4/6/2014 3:27:45 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brosnmp.dll
Publisher:   Brother Industries, Ltd.
MD5:    38e5e24bede6f59afc648cb7ef897d69
SHA-1:    c91eb7b475bb6857636c2c3e6fa43feec62da889
Created:   2/5/2010 1:42:32 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\brrbtool.exe
Publisher:   Brother Industries Ltd
Signer:   Brother Industries, ltd.
MD5:    06872311905299ba7fe505ced6c1f99a
SHA-1:    3419e4f4f8780dc96167cd172aecc6f430fc48da
Created:   4/6/2014 2:43:23 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\bwcontexthandler.dll
Publisher:   
MD5:    f4a1b4d4ccfd8eeef0259fae58cfae5c
SHA-1:    0136a1323e4f85c773e86e62caeb6dc90182179b
Created:   7/13/2009 6:42:10 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Gen:Variant.Kazy.182960 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\iscsicpl.dll
Publisher:   Microsoft Corporation
MD5:    f945adcef203e6104aec8ec9c337cfd0
SHA-1:    85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:   7/13/2009 6:46:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\melodysource.ax
Publisher:   InterObject Ltd.
MD5:    68a754d4c37661f9aa5fdab04a1997fa
SHA-1:    dd9ac9a64a36beb4861d262d74b0c36c206ca103
Created:   2/16/2014 3:08:30 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Adware.Generic.667775 (Adware)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\netprof.dll
Publisher:   Microsoft Corporation
MD5:    1fda175324fac331dc41b076103e7123
SHA-1:    b791c2096df2ab3c6315e454022ac64c9fdb102d
Created:   7/13/2009 6:56:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\canonijfax\canon mx420 series fax\languagemodules\041e\cncaram.dll
Publisher:   CANON INC.
MD5:    6ded0e7a9450a0c76507673a432e53ae
SHA-1:    6f2ad7f61074dbd9d6aa7b25ca542af7c826ebf1
Created:   5/4/2013 9:25:57 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Kryptik.twk (Undefined)

---------------------------------------------------------------------------------

File path:   c:\programdata\canonijfax\canon mx420 series fax\languagemodules\041e\cncaram.dll
Publisher:   CANON INC.
MD5:    6ded0e7a9450a0c76507673a432e53ae
SHA-1:    6f2ad7f61074dbd9d6aa7b25ca542af7c826ebf1
Created:   5/4/2013 9:25:57 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Kryptik.twk (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\32\bin\libpangocairo-1.0-0.dll
Publisher:   Red Hat Software
MD5:    12c64366d468ffcbe7cabd26f0c93573
SHA-1:    e57e284f731ee1d8c81aad000e300fbbbb3d1d29
Created:   6/15/2013 8:25:27 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\bin\libgimpcolor-2.0-0.dll
Publisher:   
Signer:   Open Source Developer,Jernej Simončič
MD5:    5859bcae097a34416bfa089fd0f44a0c
SHA-1:    c8611b34cccc9c622c15c30286715e44cb10f4ca
Created:   6/15/2013 8:25:32 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K

---------------------------------------------------------------------------------

File path:   c:\program files\gimp 2\uninst\unins000.exe
Publisher:   
Signer:   Open Source Developer,Jernej Simončič
MD5:    dcae21a3b9ed59ef050abd39daa50ab6
SHA-1:    022deab1a546dd83490d7501759469174ae7534e
Created:   6/15/2013 9:13:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\audacity\unins000.exe
Publisher:   
MD5:    8bbcd78364faf1b1a1b52738a3940d6a
SHA-1:    d7edf7739eede01ce0174d0403c2f376527e804f
Created:   3/9/2014 5:29:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\avg\avg2013\avgdumpx.exe
Publisher:   AVG Technologies CZ, s.r.o.
Signer:   AVG Technologies CZ, s.r.o.
MD5:    05031c77d92dad682f0ee4daa9326d0f
SHA-1:    00cb4efb539ee703f8da08a692e838f675002874
Created:   10/23/2013 2:06:02 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Heur.j

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\avg\avg2013\tuneup\tumicroscanner.exe
Publisher:   
Signer:   TuneUp Software
MD5:    d7962fe828896e7571975dac30bbe049
SHA-1:    b4635a8b411e3a274042875cb741c83337ecbcbf
Created:   2/19/2013 2:10:42 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Jiangmin as Win32/Virut.bn

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher:   Brother Industries, Ltd.
MD5:    513fbc73a000369009518280bf9c64d8
SHA-1:    6f3bc5a7bf1fa5342d633db0353d78f3c19aa1a7
Created:   4/6/2014 3:27:49 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\brother\ptupdate\ptupres.dll
Publisher:   Brother Industries, Ltd.
MD5:    7e3e83c1649c7eba5d1798a853176ac8
SHA-1:    e43a7583c0315384a38595e84e7ca62e898bda03
Created:   8/6/2010 6:03:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Clam AntiVirus as PUA.Win32.Packer.Hideprotect

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brosnmp.dll
Publisher:   Brother Industries, Ltd.
MD5:    38e5e24bede6f59afc648cb7ef897d69
SHA-1:    c91eb7b475bb6857636c2c3e6fa43feec62da889
Created:   4/6/2014 3:27:50 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher:   Brother Industries, Ltd.
MD5:    b907641b954b7c8c7f81ea8679314bfd
SHA-1:    2b2df85350c0a4f90e89c4bdbcfb7e465f9592cb
Created:   4/6/2014 3:27:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\browny02\brother\brnettooltrk.dll
Publisher:   Brother Industries, Ltd.
MD5:    c1d305ad95d4b9dbc5a8e496e3009beb
SHA-1:    0d6e57013162dea66b09bee48bbf984cee729d0e
Created:   4/6/2014 3:27:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Android.Adware.Wapsx (Adware)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\easy-photoprint ex\npezffpi.dll
Publisher:   CANON INC.
MD5:    ce252b04fb9f4f773a7db5338bfeea5b
SHA-1:    45b12928eb8e8b08567a9d4c00f31bf1ac3e8d3b
Created:   3/27/2013 2:04:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\my image garden\pdc.dll
Publisher:   Canon Inc.
MD5:    d872f614109caa13c648dc2fe8ebe6c5
SHA-1:    ac02f5d431ded659c9f0daee25c7253d99b00098
Created:   5/7/2014 12:30:16 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - CMC Antivirus as P2P-Worm.Win32.SpyBot!O (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\canon\my image garden\addon\moviecapture\nsrlib.dll
Publisher:   Canon Inc.
MD5:    a067b2da5ec37a5ae0633cd544c89050
SHA-1:    40ea86161d96b629cbff3cd35d0aa86513c2c145
Created:   5/7/2014 12:30:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Pedka (Undefined)

 





