HijackThis log.


  • This topic is locked
10 replies to this topic

#1 GnarlyRadical

GnarlyRadical

  • Members
  • 5 posts

Posted 23 November 2014 - 10:18 PM

I don't know what infection I have, sorry. It is restarting my Windows 7 repetitively, blue-screening me and putting me into system restore/system recovery.

 

Here is my HijackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:36:04 PM, on 11/23/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
FIREFOX: 33.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Jeems Bond\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bloggie Watcher Utility.lnk = C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\Jaksta\AC\x86\jaudcap.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 10779 bytes
 


Edited by GnarlyRadical, 23 November 2014 - 10:26 PM.



#2 GnarlyRadical

GnarlyRadical
  • Topic Starter

  • Members
  • 5 posts

Posted 23 November 2014 - 10:30 PM

PS: Hijack tells me it can't access my 'hosts'. It gives me these instructions:

 

Start>Run>type:

 

notepad C:\Windows\System32\drivers\etc\hosts

 

Enter

 

find line(s) hijackthis reports, delete them, save the file as 'hosts' with quotes and reboot.

 

????


Edited by GnarlyRadical, 23 November 2014 - 10:30 PM.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • Gender:Female
  • Location:Devon, UK

Posted 24 November 2014 - 04:11 AM

Hello GnarlyRadical and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 GnarlyRadical

GnarlyRadical
  • Topic Starter

  • Members
  • 5 posts

Posted 24 November 2014 - 12:00 PM

Thank you for the prompt reply, I am grateful.

I did as you asked and the txt files are in the attachments.

As all logs are in attachments, I see instructions to copy and paste the logs of FRST and ADDITION in my next post; that is also done here as well.

 

Attached File  AdwCleanerS0.txt   3.27KB   1 downloads
Attached File  JRT.txt   1.67KB   1 downloads
Attached File  FRST.txt   48.98KB   0 downloads
Attached File  Addition.txt   28.17KB   0 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Jeems Bond (administrator) on PAVILIONDV5 on 24-11-2014 10:53:30
Running from C:\Users\Jeems Bond\Downloads
Loaded Profile: Jeems Bond (Available profiles: Jeems Bond)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(DeviceVM, Inc.) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-06-08] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-06-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-11-24] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\MountPoints2: {a9f7882e-2d5b-11e4-b092-f8a791fdf31a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\MountPoints2: {cf4ff4cd-4073-11e4-a7f3-e6f1d09f9524} - F:\iLinker.exe
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\MountPoints2: {d8a308af-2916-11e4-b729-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-06] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-05-06] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1564916474-592535189-1143590070-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1564916474-592535189-1143590070-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {53760986-C995-4C85-8D62-DACBEB76C39C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {71FAEC90-F752-4D11-B17E-49826479E059} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {53760986-C995-4C85-8D62-DACBEB76C39C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {71FAEC90-F752-4D11-B17E-49826479E059} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1564916474-592535189-1143590070-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-1564916474-592535189-1143590070-1000 -> {53760986-C995-4C85-8D62-DACBEB76C39C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1564916474-592535189-1143590070-1000 -> {71FAEC90-F752-4D11-B17E-49826479E059} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeems Bond\AppData\Roaming\Mozilla\Firefox\Profiles\p63usbd9.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-1564916474-592535189-1143590070-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-1564916474-592535189-1143590070-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
FF SearchPlugin: C:\Users\Jeems Bond\AppData\Roaming\Mozilla\Firefox\Profiles\p63usbd9.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Users\Jeems Bond\AppData\Roaming\Mozilla\Firefox\Profiles\p63usbd9.default\searchplugins\yahoo-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-22]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-07]
CHR Extension: (Google Docs) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-07]
CHR Extension: (Google Drive) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (YouTube) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-07]
CHR Extension: (Google Search) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-07]
CHR Extension: (Avast Online Security) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]
CHR Extension: (Gmail) - C:\Users\Jeems Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-25] (AVAST Software)
R2 DvmMDES; C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-06-25] (DeviceVM, Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [649496 2014-10-27] (Wacom Technology, Corp.)
S2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-22] ()
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 10:53 - 2014-11-24 10:54 - 00020887 _____ () C:\Users\Jeems Bond\Downloads\FRST.txt
2014-11-24 10:53 - 2014-11-24 10:53 - 00000000 ____D () C:\FRST
2014-11-24 10:52 - 2014-11-24 10:52 - 02118144 _____ (Farbar) C:\Users\Jeems Bond\Downloads\FRST64.exe
2014-11-24 10:51 - 2014-11-24 10:51 - 00001710 _____ () C:\Users\Jeems Bond\Documents\JRT.txt
2014-11-24 10:51 - 2014-11-24 10:51 - 00001710 _____ () C:\Users\Jeems Bond\Desktop\JRT.txt
2014-11-24 10:43 - 2014-11-24 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-11-24 10:42 - 2014-11-24 10:42 - 01707532 _____ (Thisisu) C:\Users\Jeems Bond\Downloads\JRT.exe
2014-11-24 10:39 - 2014-11-24 10:40 - 00003347 _____ () C:\Users\Jeems Bond\Documents\AdwCleaner[S0].txt
2014-11-24 10:38 - 2014-11-24 10:38 - 00000012 ____H () C:\dvmexp.idx
2014-11-24 10:38 - 2014-11-24 10:38 - 00000000 ___HD () C:\dvmexp
2014-11-24 10:38 - 2014-11-24 10:38 - 00000000 ____D () C:\temp
2014-11-24 10:34 - 2014-11-24 10:36 - 00000000 ____D () C:\AdwCleaner
2014-11-24 10:33 - 2014-11-24 10:33 - 02148864 _____ () C:\Users\Jeems Bond\Downloads\adwcleaner_4.102.exe
2014-11-24 09:45 - 2014-11-24 10:37 - 00024978 _____ () C:\Windows\PFRO.log
2014-11-23 22:56 - 2014-11-23 22:56 - 01189870 _____ () C:\Users\Jeems Bond\Downloads\bookmarks.html
2014-11-23 22:11 - 2014-11-23 22:11 - 00000000 ____D () C:\Users\Jeems Bond\Downloads\backups
2014-11-23 21:26 - 2014-11-23 21:26 - 00010781 _____ () C:\Users\Jeems Bond\Documents\hijackthis1.txt
2014-11-23 20:41 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-23 20:41 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-23 20:41 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-23 20:41 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-23 20:41 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-23 20:41 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-23 20:41 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-23 20:41 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-23 20:41 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-23 20:41 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-23 20:41 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-23 20:41 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-23 20:41 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-23 20:41 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-23 20:41 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-23 20:41 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-23 20:41 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-23 20:41 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-23 20:41 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-23 20:41 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-23 20:41 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-23 20:41 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-23 20:41 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-23 20:41 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-23 20:41 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-23 20:41 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-23 20:41 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-23 20:41 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-23 20:41 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-23 20:41 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-23 20:41 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-23 20:41 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-23 20:41 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-23 20:41 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-23 20:41 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-23 20:41 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-23 20:41 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-23 20:41 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-23 20:41 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-23 20:41 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-23 20:41 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-23 20:41 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-23 20:41 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-23 20:41 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-23 20:41 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-23 20:41 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-23 20:41 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-23 20:41 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-23 20:41 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-23 20:41 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-23 20:41 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-23 20:41 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-23 20:41 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-23 20:41 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-23 20:41 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-23 20:41 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-23 20:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-23 20:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-23 20:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-23 20:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-23 20:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-23 20:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-23 20:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-23 20:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-23 20:38 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 20:38 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-23 20:38 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-23 20:38 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-23 20:38 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-23 20:38 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-23 20:38 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-23 20:38 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-23 20:38 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-23 20:38 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-23 20:38 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-23 20:38 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-23 20:38 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-23 20:38 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-23 20:38 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-23 20:38 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-23 20:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-23 20:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-23 20:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-23 20:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-23 20:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-23 20:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-23 20:37 - 2014-11-23 20:37 - 00010781 _____ () C:\Users\Jeems Bond\Downloads\hijackthis1.txt
2014-11-23 20:36 - 2014-11-23 20:36 - 00010781 _____ () C:\Users\Jeems Bond\Downloads\hijackthis.log
2014-11-23 20:34 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-23 20:34 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-23 20:34 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-23 20:34 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-23 20:34 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-23 20:34 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-23 20:34 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-23 20:32 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-23 20:32 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-23 20:32 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-23 20:32 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-23 20:32 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-23 20:31 - 2014-11-23 20:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jeems Bond\Downloads\HijackThis.exe
2014-11-23 20:31 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-23 20:31 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-23 20:28 - 2014-11-23 20:28 - 00001992 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-11-23 20:17 - 2014-11-23 20:18 - 00274984 _____ () C:\Windows\Minidump\112314-34491-01.dmp
2014-11-22 22:30 - 2014-11-22 22:30 - 00000000 ____D () C:\Users\Jeems Bond\Documents\pics david ax fox11 la
2014-11-22 22:00 - 2014-11-22 22:00 - 00000000 __SHD () C:\found.003
2014-11-22 18:45 - 2014-11-22 18:47 - 00000000 ____D () C:\Users\Jeems Bond\Documents\catastrophe
2014-11-18 18:37 - 2014-11-18 18:37 - 00000362 _____ () C:\Users\Jeems Bond\Documents\important tv show list.txt
2014-11-16 11:49 - 2014-11-16 11:49 - 00000000 ____D () C:\Users\Jeems Bond\Desktop\coupons
2014-11-15 05:07 - 2014-11-15 05:07 - 00000026 _____ () C:\Users\Jeems Bond\Documents\maystar phone number.txt
2014-11-14 11:30 - 2014-11-14 11:30 - 00000098 _____ () C:\Users\Jeems Bond\Documents\hi.txt
2014-11-09 02:55 - 2014-11-18 19:24 - 00000000 ____D () C:\Users\Jeems Bond\Documents\wwcc stuff
2014-11-07 01:05 - 2014-11-07 01:06 - 00274984 _____ () C:\Windows\Minidump\110714-35069-01.dmp
2014-11-07 01:03 - 2014-11-07 01:03 - 00000000 __SHD () C:\found.002
2014-11-07 00:47 - 2014-11-07 00:48 - 00275040 _____ () C:\Windows\Minidump\110714-47533-01.dmp
2014-11-06 21:55 - 2014-11-06 21:56 - 71442044 _____ () C:\Users\Jeems Bond\Downloads\LOVELOVEMOLLY_test1.wav
2014-11-06 21:52 - 2014-11-06 21:54 - 181022948 _____ () C:\Users\Jeems Bond\Downloads\SaveUsPimpUs.wav
2014-11-06 21:50 - 2014-11-06 21:51 - 84040244 _____ () C:\Users\Jeems Bond\Downloads\MECOSTARWARSWOW.wav
2014-11-06 21:49 - 2014-11-06 21:49 - 34294508 _____ () C:\Users\Jeems Bond\Downloads\WraithIceCreamTruck3.wav
2014-11-06 21:41 - 2014-11-06 21:43 - 179976028 _____ () C:\Users\Jeems Bond\Downloads\Le Walk Madamoiselle Mollykins.wav
2014-11-06 21:25 - 2014-11-06 21:25 - 00000000 ____D () C:\Users\Jeems Bond\dwhelper
2014-11-05 15:35 - 2014-11-05 15:35 - 00000000 ____D () C:\ProgramData\Smith Micro
2014-11-05 15:34 - 2014-11-05 15:34 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\Smith Micro
2014-11-05 15:33 - 2014-11-05 15:33 - 00001269 _____ () C:\Users\Public\Desktop\Anime Studio Pro (x86).lnk
2014-11-05 15:33 - 2014-11-05 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2014-11-05 15:32 - 2014-11-05 15:32 - 00000000 ____D () C:\Program Files (x86)\Smith Micro
2014-11-05 14:59 - 2014-11-05 14:59 - 02953520 _____ (AVAST Software) C:\Users\Jeems Bond\Downloads\avast-browser-cleanup(1).exe
2014-11-05 14:58 - 2014-11-05 14:58 - 02953520 _____ (AVAST Software) C:\Users\Jeems Bond\Downloads\avast-browser-cleanup.exe
2014-11-05 14:23 - 2014-11-05 14:23 - 00038109 _____ () C:\Users\Jeems Bond\Downloads\Icelandic Runes.ttf
2014-11-05 13:29 - 2014-11-05 13:29 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\WTablet
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ____D () C:\Program Files\Tablet
2014-11-05 13:25 - 2014-11-05 13:25 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-11-05 13:25 - 2014-10-27 15:38 - 02005784 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01989912 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01983256 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01856792 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01613080 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01608984 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01605912 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-11-05 13:25 - 2014-10-27 15:38 - 01492248 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-11-05 13:25 - 2014-08-06 12:15 - 00102200 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2014-11-05 13:25 - 2014-08-06 12:15 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2014-11-05 13:25 - 2014-08-06 12:15 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-11-05 13:25 - 2012-12-11 16:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2014-11-05 13:23 - 2014-11-05 13:24 - 109275864 _____ () C:\Users\Jeems Bond\Downloads\WacomTablet_6.3.9w5.exe
2014-11-05 11:58 - 2014-11-22 18:46 - 00000132 _____ () C:\Users\Jeems Bond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-04 14:26 - 2014-11-04 14:35 - 39213783 _____ () C:\Users\Jeems Bond\Documents\wh fx clips 3b.wmv
2014-11-04 14:08 - 2014-11-04 14:10 - 09341609 _____ () C:\Users\Jeems Bond\Documents\wh fx clips 2a.wmv
2014-11-04 11:18 - 2014-11-04 11:22 - 12741627 _____ () C:\Users\Jeems Bond\Documents\wh fx clips 2.wmv
2014-11-04 11:09 - 2014-11-04 11:12 - 14509633 _____ () C:\Users\Jeems Bond\Documents\wh fx clips 1.wmv
2014-11-04 10:46 - 2014-11-12 23:01 - 00000000 ____D () C:\Users\Jeems Bond\Desktop\film stuff one
2014-11-04 10:13 - 2007-08-22 18:30 - 00000082 ____N () C:\Users\Jeems Bond\Downloads\._MidiNES Editor
2014-11-04 10:10 - 2014-11-04 10:21 - 00000000 ____D () C:\Users\Jeems Bond\Downloads\__MACOSX
2014-11-03 14:26 - 2014-11-03 14:26 - 02603110 _____ () C:\Users\Jeems Bond\Downloads\MPC60_Free.zip
2014-11-03 14:24 - 2014-11-03 14:24 - 04174478 _____ () C:\Users\Jeems Bond\Downloads\ValveDR220e_Wav.zip
2014-10-29 13:20 - 2014-10-29 13:29 - 13158387 _____ () C:\Users\Jeems Bond\Documents\WitchHouse Covers slideshow.wmv
2014-10-29 13:10 - 2014-10-29 13:10 - 24084459 ____N () C:\Users\Jeems Bond\Documents\WitchHouse Covers slideshow.mov
2014-10-29 13:10 - 2014-10-29 13:10 - 00000052 _____ () C:\Users\Jeems Bond\Documents\WitchHouse Covers slideshow.mov.sfl
2014-10-29 13:05 - 2014-10-29 13:05 - 00037192 _____ () C:\Users\Jeems Bond\Documents\WitchHouse Covers slideshow.veg
2014-10-29 13:04 - 2014-10-29 13:12 - 05523688 _____ () C:\Users\Jeems Bond\Downloads\Pwin Teaks Live From The New H.mp3.sfk
2014-10-28 14:09 - 2014-10-28 14:09 - 00000031 _____ () C:\Users\Jeems Bond\AppData\Roaming\Spiral Preferences.dat
2014-10-27 03:52 - 2014-11-23 20:17 - 667476646 _____ () C:\Windows\MEMORY.DMP
2014-10-27 03:52 - 2014-10-27 03:53 - 00372392 _____ () C:\Windows\Minidump\102714-36051-01.dmp
2014-10-25 10:26 - 2014-10-25 10:26 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\Oracle
2014-10-25 10:25 - 2014-10-25 10:25 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-25 10:25 - 2014-10-25 10:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-25 10:25 - 2014-10-25 10:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 10:19 - 2014-11-24 10:37 - 00001852 _____ () C:\Windows\setupact.log
2014-10-25 10:19 - 2014-10-25 10:19 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 10:46 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 10:46 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 10:44 - 2009-07-13 23:13 - 00782228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 10:43 - 2014-08-21 00:56 - 01820687 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 10:38 - 2014-10-07 13:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 10:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 10:28 - 2014-10-07 13:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 10:20 - 2014-10-20 22:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 09:46 - 2009-07-13 22:45 - 04926360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-24 09:43 - 2014-08-21 19:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-24 09:29 - 2014-08-22 20:44 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-24 09:24 - 2014-08-22 20:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-24 09:23 - 2014-10-12 20:22 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJeems Bond.job
2014-11-24 01:30 - 2014-10-07 13:10 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 22:57 - 2014-10-02 20:09 - 00278016 ___SH () C:\Users\Jeems Bond\Documents\Thumbs.db
2014-11-23 21:55 - 2014-10-07 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 21:55 - 2014-09-24 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-23 21:55 - 2014-08-26 09:59 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\uTorrent
2014-11-23 21:55 - 2014-08-22 23:17 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\vlc
2014-11-23 21:55 - 2014-08-22 21:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-23 21:55 - 2014-08-22 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 21:55 - 2014-08-21 01:19 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-11-23 21:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-23 21:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-23 21:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-23 21:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-23 21:51 - 2009-09-06 18:40 - 00000000 ____D () C:\SwSetup
2014-11-23 21:23 - 2014-10-15 23:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-11-23 20:38 - 2014-08-21 02:22 - 00003720 _____ () C:\Windows\System32\Tasks\Registration
2014-11-23 20:32 - 2014-08-21 01:53 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Local\VirtualStore
2014-11-23 20:28 - 2014-08-25 11:23 - 00001932 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-11-23 20:28 - 2014-08-22 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-11-23 20:24 - 2014-08-22 20:44 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-23 20:23 - 2014-10-07 13:07 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-23 20:23 - 2014-10-07 13:07 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-23 20:18 - 2014-08-21 01:52 - 00000000 ____D () C:\Users\Jeems Bond
2014-11-23 20:17 - 2014-10-20 13:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-23 18:53 - 2014-08-21 02:25 - 00000158 _____ () C:\Users\Jeems Bond\AppData\Local\mv_Photo.xml
2014-11-23 18:53 - 2014-08-21 02:25 - 00000149 _____ () C:\Users\Jeems Bond\AppData\Local\mv_music.xml
2014-11-23 12:15 - 2014-10-08 18:53 - 00000000 ____D () C:\Users\Jeems Bond\Desktop\scraps
2014-11-18 21:25 - 2014-10-07 21:16 - 00000000 ____D () C:\Users\Jeems Bond\Documents\melee
2014-11-12 03:05 - 2014-08-21 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-06 21:36 - 2014-08-24 15:02 - 00000000 ____D () C:\Users\Jeems Bond\Documents\Bloggie Library
2014-11-06 21:09 - 2014-10-07 21:15 - 00000000 ____D () C:\Users\Jeems Bond\Documents\molly1
2014-11-06 20:50 - 2014-08-22 20:11 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\Adobe
2014-11-05 22:15 - 2014-09-25 12:49 - 00000000 ____D () C:\Users\Jeems Bond\Desktop\kaiju vs mecha
2014-11-05 22:15 - 2014-09-03 21:18 - 00000000 ____D () C:\Users\Jeems Bond\Documents\journal notes
2014-11-05 14:24 - 2014-08-21 02:21 - 00071832 _____ () C:\Users\Jeems Bond\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 13:44 - 2014-10-12 20:22 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJeems Bond
2014-11-05 13:26 - 2014-10-07 13:42 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\SoftGrid Client
2014-11-04 14:30 - 2014-08-21 02:11 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 13:04 - 2014-09-12 19:15 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-03 13:00 - 2014-08-21 01:55 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\Hewlett-Packard
2014-11-03 12:59 - 2010-07-20 19:03 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-11-03 12:59 - 2010-07-20 17:23 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-03 09:52 - 2014-08-22 20:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 22:30 - 2014-09-04 10:49 - 00000000 ____D () C:\Users\Jeems Bond\Documents\rpg game collection
2014-10-25 22:30 - 2014-08-26 13:58 - 00000000 ____D () C:\Users\Jeems Bond\Documents\olympia press books
2014-10-25 10:27 - 2010-07-20 18:35 - 00000000 ____D () C:\Program Files\Java
2014-10-25 10:27 - 2010-07-20 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-25 10:25 - 2010-07-20 18:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-25 10:25 - 2010-07-20 18:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-25 10:21 - 2014-10-23 11:51 - 00000000 ____D () C:\Users\Jeems Bond\AppData\Roaming\Apple Computer
2014-10-25 09:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Jeems Bond\AppData\Local\Temp\APNSetup.exe
C:\Users\Jeems Bond\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jeems Bond\AppData\Local\Temp\Quarantine.exe
C:\Users\Jeems Bond\AppData\Local\Temp\SP50261.exe
C:\Users\Jeems Bond\AppData\Local\Temp\SP51327.exe
C:\Users\Jeems Bond\AppData\Local\Temp\sp58915.exe
C:\Users\Jeems Bond\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-22 22:15

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Jeems Bond at 2014-11-24 10:54:33
Running from C:\Users\Jeems Bond\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\uTorrent) (Version: 3.4.2.33254 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aalto VST version 1.3.2 (HKLM-x32\...\{F497817C-ED52-4C60-9C99-93C219254E4A}_is1) (Version: 1.3.2 - Madrona Labs, LLC)
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
ADM 1.2.2 CM (HKLM-x32\...\AudioRealism Drum Machine_is1) (Version:  - AudioRealism)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}) (Version: 1.2.517.35221 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221 - Alcor Micro Corp.) Hidden
ANALOG87 CM-COMP (x64) (HKLM-x32\...\ANALOG87 CM-COMP(x64)) (Version: 1.1.5 - eaReckon)
ANALOG87 CM-EQUA (x64) (HKLM-x32\...\ANALOG87 CM-EQUA(x64)) (Version: 1.1.5 - eaReckon)
Anime Studio Pro 9.1 (x86) (HKLM-x32\...\ASP910_is1) (Version: 9.1 - Smith Micro Software, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Artillery2 CM Edition (HKLM-x32\...\Artillery2 CM Edition) (Version: 1.0 - Sugar Bytes)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{7CAD117F-315D-5016-A128-D227FE197913}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
Blue Cat's FreqAnalyst CM DX-x64 1.2 (HKLM\...\{286DE0CF-C349-477D-B413-1488272E808F}) (Version: 1.2 - Blue Cat Audio)
Blue Cat's FreqAnalyst CM VST-x64 1.2 (HKLM\...\{A48474A4-6A39-4816-AACE-9EC26A766CB8}) (Version: 1.2 - Blue Cat Audio)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cableguys CurveCM 2.2 (HKLM\...\CurveCM_is1) (Version: 2.2 - Cableguys)
Cableguys WaveShaperCM 1.2 (HKLM\...\WaveShaperCM_is1) (Version: 1.2 - Cableguys)
ccc-core-static (x32 Version: 2010.0623.2149.37335 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CM Alpha (HKLM-x32\...\CM Alpha) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dune CM (Computer Music) (HKLM-x32\...\Dune CM (Computer Music)_is1) (Version:  - Synapse Audio Software)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EurydiceCM version 1.0 (HKLM-x32\...\{0BF82F4F-37CC-4A00-A20E-B24AA8D90160}_is1) (Version: 1.0 - Inear Display)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freecorder 8 Applications (8.0.1.48) (HKLM-x32\...\Freecorder 8 Applications) (Version: 8.0.1.48 - Applian Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{7221D07E-D60E-419C-BC3E-9525BF3EC7C3}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.3.11.0 - DeviceVM Inc.)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E999A763-E2F7-48F3-87B8-947F781150DC}) (Version: 3.5.22.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-1564916474-592535189-1143590070-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kuassa Amplifikation CM Ver.1.0.0 (HKLM-x32\...\{832908DC-7B5E-42FD-8DB5-61CA4A19D722}_is1) (Version:  - Kuassa, Inc.)
Kuassa Premix CM Ver.1.0.0 (x64) (HKLM-x32\...\{919B1E4A-CF8D-40E1-8425-A648A8F00525}_is1) (Version:  - Kuassa, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Loomer Cumulus (HKLM-x32\...\Cumulus) (Version:  - Loomer)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MeldaProduction MHarmonizerCM64 (HKLM-x32\...\MeldaProduction MHarmonizerCM64) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plucked String VSTi/DXi v4.0 (HKLM-x32\...\SynapsePluckedString_is1) (Version: 4.0 - Synapse Audio Software)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
polyKB II CM (HKLM\...\polyKB II CM_is1) (Version: 2.1.3 - XILS-lab)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PTH2A-CM version 2.0.0 (HKLM\...\PTH2A-CM_is1) (Version: 2.0.0 - OverToneDSP)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Reverberate CM 1.005 (HKLM-x32\...\Reverberate CM) (Version: 1.005 - LiquidSonics)
RhinoCM 2.09 (HKLM-x32\...\{B6D12710-26FC-11DF-AA8E-AE2756D89593}_is1) (Version:  - Big Tick)
Rob Papen RG-Muted (HKLM-x32\...\RG-Muted_is1) (Version:  - RPCX)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1200}) (Version: 12.18.0.82 - APN, LLC) <==== ATTENTION
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
SynthMasterCM x64 VSTi Software Synthesizer Plug-In version 1.0.4.7 (HKLM-x32\...\{8B274520-37D1-4D79-98E6-DDEBA653E289}_is1) (Version: 1.0.4.7 - KV331 Audio)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)
Vegas Pro 11.0 (64-bit) (HKLM\...\{7DA57CC0-029B-11E2-A4C0-F04DA23A5C58}) (Version: 11.0.701 - Sony)
Vengeance Producer Suite - philta(CM Edition) 1.0.1 (HKLM-x32\...\{C6A502F7-10A9-4F89-9915-0B5923CF2FC6}_is1) (Version:  - keilwerth Audio / vengeance Sound)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.9w5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wolfram version 1.2.1 (HKLM\...\Wolfram_is1) (Version: 1.2.1 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-11-2014 09:19:20 Windows Update
11-11-2014 06:45:34 Windows Update
12-11-2014 09:00:21 Windows Update
14-11-2014 15:51:36 Windows Update
18-11-2014 20:21:18 Windows Update
19-11-2014 00:30:25 avast! antivirus system restore point
19-11-2014 00:35:42 Device Driver Package Install: Avast Network Service
19-11-2014 09:00:12 Windows Update
23-11-2014 01:35:09 avast! antivirus system restore point
23-11-2014 01:39:34 Device Driver Package Install: Avast Network Service
23-11-2014 01:47:15 Windows Update
23-11-2014 03:00:47 Windows Update
24-11-2014 02:19:42 avast! antivirus system restore point
24-11-2014 02:27:32 Device Driver Package Install: Avast Network Service
24-11-2014 02:35:33 Windows Update
24-11-2014 15:23:51 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-08-22 22:37 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C96DB6-8386-4240-83F4-DB9CB968220E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {23E6C882-9912-4B60-AF98-1B71C5919BF0} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {2663A05F-26CB-40DE-A76F-0229028DC97E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {61E018ED-82EB-46D8-8B74-1A2AF9BBACFF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-24] (CyberLink)
Task: {64C21B6E-E636-47DE-850C-BD4D70F0D87E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {64C9A310-ED50-43CE-BF02-ACDA6265942C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {72340DC3-D78E-4A1D-BE6B-8B1A0C3200DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {7479FD94-9033-4E38-A4CA-10C31C333961} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7CAFCAAD-3ACF-47A0-ADBD-1708AE0A3990} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {80E3484D-4559-472C-8A75-608915CF8165} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-22] (AVAST Software)
Task: {81C5DEB6-060A-4982-B538-3ACCD19EFAB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {8D9D27B0-A443-4159-AD3C-AA3FBB661721} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9F9B69C7-F6F7-4503-A231-B73B97EE78B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {B1DE762E-D032-470E-A581-4EDF54CF7B86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {C9822CC6-5DFB-4BA3-BE69-236C1F4DD5E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {CBA53509-FAC8-416F-9BF4-6ECA50B10765} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D955188B-6BE1-43B7-85C7-6119F46A22CA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E95D8770-F366-4F16-B3D0-FB71291215EC} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {F34A538F-DFF2-402D-BF7F-AE60BA39FE5C} - System32\Tasks\HPCeeScheduleForJeems Bond => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJeems Bond.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-05 13:25 - 2014-10-27 15:38 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-20 17:20 - 2010-01-20 17:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-06-10 17:42 - 2010-06-10 17:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-08-21 01:00 - 2014-08-21 01:00 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-08-22 20:44 - 2014-08-22 20:44 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-24 01:34 - 2014-11-24 01:34 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112400\algo.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-08-22 20:44 - 2014-08-22 20:44 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-24 22:08 - 2014-10-30 21:27 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1564916474-592535189-1143590070-500 - Administrator - Disabled)
Guest (S-1-5-21-1564916474-592535189-1143590070-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1564916474-592535189-1143590070-1002 - Limited - Enabled)
Jeems Bond (S-1-5-21-1564916474-592535189-1143590070-1000 - Administrator - Enabled) => C:\Users\Jeems Bond

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 7930.9 MB
Available physical RAM: 5947.34 MB
Total Pagefile: 15859.98 MB
Available Pagefile: 13559.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.21 GB) (Free:95.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.59 GB) (Free:2.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 278E4C1C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================


Edited by GnarlyRadical, 24 November 2014 - 12:03 PM.


#5 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:28 AM

Posted 24 November 2014 - 04:22 PM

There’s not too much there since we got rid of the adware/spyware.


P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

 

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Satchfan
 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 GnarlyRadical


Posted 24 November 2014 - 11:58 PM

Thank you for the prompt reply, it's amazing. So far no bluescreen restarts caused by a virus, wow, it looks like the extra scanning programs have found and removed the culprit. lol. I'll remove the uTorrent, I can't afford graphic design/film/music software to make art as I don't make money doing it but oh well. My question is, if I have gotten rid of the virus, will the software that I got from uTorrent continue to add more viruses or if I have removed the virus, then the software is clean?

 

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\sony\vegas pro 10.0\keygen.exe
c:\program files\sony\vegas pro 11.0\keygen.exe
c:\program files\sony\vegas pro 11.0\sony vegas pro 10.0c+keygen(works with windows7) [ kk ].rar
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked03.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked04.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked05.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_decor_wallcrack01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks03.pb.bytes
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\instructions.txt
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\sony vegas pro 10.0c+keygen(works with windows7) [ kk ].rar
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\x32\x32.rar
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\x64\keygen.exe
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\x64\vegaspro100c_64bit.exe
c:\users\jeems bond\downloads\sony vegas pro 10.0c+keygen(works with windows7) [ kk ]\x64\x64.rar
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\vegaspro11.0.511_64bit.exe
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\sony.products.multikeygen.v2.0.keygen.and.patch.only.read.nfo-di\diginsan.nfo
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\sony.products.multikeygen.v2.0.keygen.and.patch.only.read.nfo-di\file_id.diz
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\sony.products.multikeygen.v2.0.keygen.and.patch.only.read.nfo-di\keygen.exe
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\sony.products.multikeygen.v2.0.keygen.and.patch.only.read.nfo-di\sound forge 10 bugfix for 32 bit windows.reg
c:\users\jeems bond\downloads\sony vegas pro v11.0.510 64 bit (patch keygen di) [chingliu]\sony.products.multikeygen.v2.0.keygen.and.patch.only.read.nfo-di\sound forge 10 bugfix for 64 bit windows.reg
c:\users\jeems bond\music\sample magic - minimal & tech house\tops loops\tops loops 127bpm\mth_top_127_crackers.wav.asd
scanner sequence 3.ZZ.11.FONAOZ
 ----- EOF -----
 




#7 satchfan


Posted 25 November 2014 - 03:52 AM

Hi GnarlyRadical

 

"I'll remove the uTorrent, I can't afford graphic design/film/music software to make art"

That doesn't condone "stealing" it.
 

"will the software that I got from uTorrent continue to add more viruses or if I have removed the virus, then the software is clean?"

The infections are usually embedded in the programs - this is the way the bad guys spread their havoc.

You'll need to get rid of all the illegal stuff found in the scan, then run the scan again to show that it has been removed; otherwise I can't give you further assistance.

Satchfan

 




#8 satchfan


Posted 26 November 2014 - 05:41 PM

Hi GnarlyRadical

It has been a couple of days since I sent the last instructions/suggestions.

Please let me know if you still want help.

Thanks

Satchfan




#9 GnarlyRadical


Posted 26 November 2014 - 06:24 PM

It's true I need your help and I am grateful.
I am learning how to remove viruses, well, trying to, like a pro. By reading some of the materials, and eventually I can learn how to remove viruses myself using all kinds of scanners, tools, methods, research.

 

I apologize for using pirated software. It is not my wish to do that. But because I am a starving artist, I don't have any choice. I spend a lot of time producing electronic music and learning how to make it, as well as making films and working on my art projects. I have never made any money doing any of this and I know it is a poor excuse but when the time comes when I am making money doing it I can buy the software. In fact, many people who started off doing this way have eventually bought the software when they become more financially efficient as artists.

 

I can't quit making art; that is too much to ask of me. I have worked too hard and spent too much money on art school and a lot of time that if I were to choose not to use the software, that means I would quit doing art. I can't do that. I cannot give up on my art projects.



#10 satchfan


Posted 26 November 2014 - 06:42 PM

"I am learning how to remove viruses, well, trying to, like a pro."
Unless you are doing this with expert guidance, that's not possible.

"By reading some of the materials, and eventually I can learn how to remove viruses myself using all kinds of scanners, tools, methods, research."
That is also not possible; otherwise everybody would do it and these forums would not be so heavily populated. I spent 2 years being trained by the top people in this field and am still learning and asking for their advice.

Dabbling with malware can have very serious consequences unless you are trained and have the ongoing support of those who are complete experts in that field.

That said, I understand that you are passionate about your art but I'm afraid that we do not condone the "theft" of software, (piracy).

Please let me know what you decide to do.

Satchfan



#11 satchfan


Posted 28 November 2014 - 08:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





