
referred from Trend Micro to review my log


  • This topic is locked
28 replies to this topic

#1 falora

  • Members
  • 14 posts

Posted 10 January 2015 - 04:16 PM

I ran a scan with Trend Micro, and they recommend having the log reviewed by you good folks to determine what REALLY should be removed, instead of chopping the whole lot.  Can someone point me in the right direction?

 

Issues I am having include not being able to access Microsoft sites, i.e. outlook.com on one of the profiles on my PC, as well as not being able to access their help sites. I also seem to have lost Shockwave plugins in Chrome in that profile, as well as the admin profile. The log is copied below, and thanks in advance for your advice!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:58:31 PM, on 10/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Desktop\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Desktop\Downloads\HijackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9634 bytes
 



#2 Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts

Posted 12 January 2015 - 08:18 AM

Hello falora and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 2 days, feel free to PM me.  :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

So, which version of Windows and which antivirus are you using?


Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 falora

  • Topic Starter

  • Members
  • 14 posts

Posted 12 January 2015 - 08:13 PM

I have Windows 7, and use Bitdefender Total Security for Antivirus.

And after trying Trend Micro's scanner yesterday, as well as downloading a couple of others (which I have not yet run after seeing your note), I now have no access from all profiles again. I really appreciate your help and insight. Microsoft was less than helpful.

 

 

 

 

Here are the two logs from Farbar:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Dean at 2015-01-12 20:10:21
Running from C:\Users\Dean\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labors of Hercules (x32 Version: 3.0.2.59 - WildTangent) Hidden
12 Labors of Hercules II: The Cretan Bull (x32 Version: 3.0.2.59 - WildTangent) Hidden
Abandoned: Chestnut Lodge Asylum (x32 Version: 3.0.2.59 - WildTangent) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adam's Venture 3: Revelations (x32 Version: 3.0.2.59 - WildTangent) Hidden
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alice: Behind the Mirror (x32 Version: 3.0.2.59 - WildTangent) Hidden
Ancient Oracles 3 in 1 Bundle (x32 Version: 3.0.2.51 - WildTangent) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Awakening: The Goblin Kingdom (x32 Version: 3.0.2.59 - WildTangent) Hidden
Awakening: The Redleaf Forest Collector's Edition (HKLM-x32\...\BFG-Awakening - The Redleaf Forest Collectors Edition) (Version:  - )
Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.21.0.925 - Bitdefender)
Black Rainbow (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cadenza: Music, Betrayal and Death (HKLM-x32\...\BFG-Cadenza - Music Betrayal and Death) (Version:  - )
calibre (HKLM-x32\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Chronicles of Albian 2 - The Wizbury School of Magic (x32 Version: 3.0.2.51 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dance of Death (x32 Version: 3.0.2.59 - WildTangent) Hidden
Dark Angels: Masquerade of Shadows (x32 Version: 3.0.2.59 - WildTangent) Hidden
Dark Lore Mysteries: The Hunt For Truth (x32 Version: 3.0.2.48 - WildTangent) Hidden
Dark Mysteries: The Soul Keeper Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Dark Strokes: The Legend of Snow Kingdom Collector's Edition (HKLM-x32\...\BFG-Dark Strokes - The Legend of Snow Kingdom Collectors Edition) (Version:  - )
Dark Tales: Edgar Allan Poe's The Gold Bug (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Gold Bug) (Version:  - )
Dark Tales: Edgar Allan Poe's The Premature Burial (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Premature Burial) (Version:  - )
Dead Hungry Diner (x32 Version: 2.2.0.110 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dracula Series Part 4: The Shadow of the Dragon (x32 Version: 3.0.2.51 - WildTangent) Hidden
Dream Hills: Captured Magic (x32 Version: 3.0.2.59 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Echoes of the Past: The Citadels of Time (x32 Version: 3.0.2.59 - WildTangent) Hidden
Enchantia: Wrath of the Phoenix Queen (HKLM-x32\...\BFG-Enchantia - Wrath of the Phoenix Queen) (Version:  - )
Entwined: Strings of Deception (x32 Version: 3.0.2.32 - WildTangent) Hidden
Eraser 6.0.9.2343 (HKLM\...\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}) (Version: 6.0.2343 - The Eraser Project)
Family Tales: The Sisters (x32 Version: 3.0.2.51 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Finding Teddy (x32 Version: 3.0.2.51 - WildTangent) Hidden
Forbidden Secrets Alien Town (x32 Version: 3.0.2.48 - WildTangent) Hidden
Forgotten Books: The Enchanted Crown (HKLM-x32\...\BFG-Forgotten Books - The Enchanted Crown) (Version:  - )
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GenuTax Standard (HKLM-x32\...\{C4E3435E-F101-47AD-B9CB-8756E04CD754}) (Version: 1.42 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greed: The Mad Scientist (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Haunted Past Realm of Ghosts Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
Hope Lake (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Hypnosis (x32 Version: 3.0.2.51 - WildTangent) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inception of Darkness: Exorcist 3 (x32 Version: 3.0.2.38 - WildTangent) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingdom's Heyday (x32 Version: 3.0.2.59 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Les Miserables: Cosette's Fate (x32 Version: 3.0.2.59 - WildTangent) Hidden
Les Miserables: Jean Valjean (x32 Version: 3.0.2.59 - WildTangent) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Living Legends: Ice Rose Collector's Edition (x32 Version: 3.0.2.51 - WildTangent) Hidden
Lost Civilization (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Tales: Forgotten Souls (HKLM-x32\...\BFG-Lost Tales - Forgotten Souls) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mind's Eye: Secrets Of The Forgotten (HKLM-x32\...\Mind's Eye: Secrets Of The Forgotten) (Version:  - Alawar Entertainment Inc.)
Mountain Trap: The Manor of Memories (x32 Version: 3.0.2.48 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
My Kingdom for the Princess 4 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Mysteries & Nightmares: Morgiana (x32 Version: 3.0.2.59 - WildTangent) Hidden
Mystery Agency: Visions In Time (x32 Version: 3.0.2.32 - WildTangent) Hidden
Mystery Murders: The Sleeping Palace (x32 Version: 3.0.2.51 - WildTangent) Hidden
Mystery Trackers: Raincliff (x32 Version: 3.0.2.51 - WildTangent) Hidden
Nearwood Collector's Edition (x32 Version: 3.0.2.51 - WildTangent) Hidden
Night Mysteries: The Amphora Prisoner (x32 Version: 3.0.2.59 - WildTangent) Hidden
Nightmares from the Deep: The Siren's Call (HKLM-x32\...\BFG-Nightmares from the Deep - The Sirens Call) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Old Painting's Ghost (x32 Version: 3.0.2.51 - WildTangent) Hidden
Portal of Evil: Stolen Runes Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Pro PC Cleaner (HKLM-x32\...\{23497AFC-382C-417E-AC1F-42D98A5A8ADA}) (Version: 2.5.6 - Rainmaker Software Group LLC.)
Queen's Quest: Tower of Darkness Platinum Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Questerium: Sinister Trinity (x32 Version: 3.0.2.59 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Qvo 6 Virus Removal Tool (1) (HKLM-x32\...\Qvo 6 Virus Removal Tool (1)_is1) (Version: build_1.0.0.155_rev_3434_date_12:01:28 10-04-14 - Security Stronghold)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Runaway Geisha Gold Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}) (Version: 2.01.0014 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Shadows: Price for Our Sins (x32 Version: 3.0.2.48 - WildTangent) Hidden
Silent Scream II: The Bride (x32 Version: 3.0.2.59 - WildTangent) Hidden
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Space Legends: At The Edge Of The Universe (x32 Version: 3.0.2.59 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Tales From The Dragon Mountain 2: The Lair (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Book of Desires (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Curse of Silent Marshes (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Dreamatorium of Dr. Magnus (x32 Version: 3.0.2.51 - WildTangent) Hidden
The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Other Side: Tower Of Souls (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Saint: Abyss of Despair (x32 Version: 3.0.2.48 - WildTangent) Hidden
The Scruffs: Return of the Duke (x32 Version: 2.2.0.98 - WildTangent) Hidden
Theatre of the Absurd Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Voyage to Fantasy: Part 1 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Warlock: The Curse of the Shaman (x32 Version: 3.0.2.59 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Where Angels Cry (x32 Version: 3.0.2.32 - WildTangent) Hidden
White Haven Mysteries Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Witches' Pranks: Frog's Fortune Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ?
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a19b25ae-a670-47d4-99cb-dd513aa9e73e.job => ?
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b1784c81-f7c1-43ad-921c-8af3673669a7.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-10-13 10:02 - 2014-10-13 10:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Dean\Downloads\bfginstaller32_s1_l1.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\CeRegEdit_Setup_0.0.5.2.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Download_MaxSDRDM.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FileFormatConverters.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FreemakeVideoConverterSetup.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\jre-8u25-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Office2003SP3-KB923618-FullFile-ENU.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Windows-KB890830-x64-V5.19.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Adaware_Installer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\bitdefender_pc_2013_online.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\chromeinstall-7u45.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\DriverNavigator_Setup.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\GTStandardSetupV142.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\HijackThis (1).exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\HijackThis.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\infinst_autol.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\KindleForPC-installer (1).exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\KindleForPC-installer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\MicrosoftFixit.Printing.Run.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Setup-hpdesktop.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\SkypeSetupFull.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\sp46265.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\sp46442.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\SUPERAntiSpyware.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\winzip18-lan_en.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\winzip19.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FreeAgentGoNext Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: SafeBox => 2
MSCONFIG\startupfolder: C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 70644FAE50B6649AD3C620BD0614402D839AF4C3._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
MSCONFIG\startupreg: Bitdefender Wallet => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender Wallet Application Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2362535687-1667434202-1739124910-500 - Administrator - Disabled)
Dean (S-1-5-21-2362535687-1667434202-1739124910-1003 - Limited - Enabled) => C:\Users\Dean
Desktop (S-1-5-21-2362535687-1667434202-1739124910-1000 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-2362535687-1667434202-1739124910-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2362535687-1667434202-1739124910-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2015 01:00:10 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
Error: (01/10/2015 11:40:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5883d030-f8b6-4719-becc-5fe28f0fe7a5}
 
Error: (01/03/2015 09:40:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 39.0.2171.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b8c
 
Start Time: 01d026cc9be2d850
 
Termination Time: 580
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 6df1e300-9356-11e4-a1e6-90e6ba95b7cd
 
Error: (01/02/2015 06:26:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/02/2015 06:24:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00b1c22f-4547-403f-86fe-58eb73b6082b}
 
Error: (01/02/2015 06:16:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c9c
 
Start Time: 01d026e0da2a4af9
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
Report Id: 5b4adcf7-92d5-11e4-a1e6-90e6ba95b7cd
 
Error: (01/01/2015 04:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: gameux.dll, version: 6.1.7601.18020, time stamp: 0x50c1ebf2
Exception code: 0xc0000005
Fault offset: 0x0000000000009654
Faulting process id: 0x9b0
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3
 
Error: (12/28/2014 04:59:25 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
Error: (12/21/2014 08:24:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
Error: (12/14/2014 00:03:29 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
 
System errors:
=============
Error: (01/12/2015 07:02:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
%%1053
 
Error: (01/12/2015 07:02:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
 
Error: (01/10/2015 00:05:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/10/2015 00:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaxMerger service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/10/2015 00:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaxWatchDogService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/07/2015 04:48:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (01/07/2015 04:48:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (01/04/2015 00:46:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.
 
Error: (01/04/2015 00:00:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (01/04/2015 00:00:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
 
Microsoft Office Sessions:
=========================
Error: (01/11/2015 01:00:10 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
Error: (01/10/2015 11:40:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5883d030-f8b6-4719-becc-5fe28f0fe7a5}
 
Error: (01/03/2015 09:40:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.95b8c01d026cc9be2d850580C:\Program Files (x86)\Google\Chrome\Application\chrome.exe6df1e300-9356-11e4-a1e6-90e6ba95b7cd
 
Error: (01/02/2015 06:26:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (01/02/2015 06:24:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00b1c22f-4547-403f-86fe-58eb73b6082b}
 
Error: (01/02/2015 06:16:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.181c9c01d026e0da2a4af90C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe5b4adcf7-92d5-11e4-a1e6-90e6ba95b7cd
 
Error: (01/01/2015 04:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmiprvse.exe6.1.7601.175144ce79d42gameux.dll6.1.7601.1802050c1ebf2c000000500000000000096549b001d0260868166a62C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\gameux.dllac001163-91fb-11e4-a231-90e6ba95b7cd
 
Error: (12/28/2014 04:59:25 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
Error: (12/21/2014 08:24:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
Error: (12/14/2014 00:03:29 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-02 17:31:02.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 17:18:01.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 17:17:01.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-29 21:32:08.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-29 17:59:31.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 21:17:55.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 18:19:12.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 17:36:06.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 17:09:06.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 03:26:02.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 63%
Total physical RAM: 6134.23 MB
Available physical RAM: 2247.34 MB
Total Pagefile: 12266.63 MB
Available Pagefile: 8346.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:584.13 GB) (Free:461.59 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Dean (ATTENTION: The logged in user is not administrator) on DESKTOP-PC on 12-01-2015 20:09:20
Running from C:\Users\Dean\Downloads
Loaded Profile: Dean (Available profiles: Desktop & Dean)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1104824 2012-11-11] (Samsung)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-19] (Google Inc.)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Run: [AE0518705073E712A53AC7F86A768EDBB288974C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Run: [iLivid] => "C:\Users\Dean\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-18\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-2362535687-1667434202-1739124910-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2362535687-1667434202-1739124910-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {4FCB030E-56F9-472D-BBE4-1594E155C653} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {79C65008-DFCC-4E94-A931-1007B74A6C5D} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4FCB030E-56F9-472D-BBE4-1594E155C653} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {79C65008-DFCC-4E94-A931-1007B74A6C5D} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-2362535687-1667434202-1739124910-1003 -> {79C65008-DFCC-4E94-A931-1007B74A6C5D} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2362535687-1667434202-1739124910-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2362535687-1667434202-1739124910-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-03-29]
CHR Extension: (Plants vs. Zombies HD) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfeknjbgfbkmemaoffkebceonhcjfd [2013-03-09]
CHR Extension: (Beat the Boot (by Google)) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl [2013-02-19]
CHR Extension: (Angry Birds) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-05-02]
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2013-11-03]
CHR Extension: (Adblock Plus) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-17]
CHR Extension: (Monster Dash) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog [2013-02-19]
CHR Extension: (Google Search) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (Arthur's Present Wrapping Game) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddidfaalpiolpljhkmcoaaeeaagihgek [2013-05-02]
CHR Extension: (ICE Quick Stream) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-08-06]
CHR Extension: (Causality Games) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2013-02-19]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-17]
CHR Extension: (Creatures & Castles) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd [2013-02-19]
CHR Extension: (Arcane Legends) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-05-02]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-02-19]
CHR Extension: (Skyrama) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2013-02-19]
CHR Extension: (Angry Gran Run) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmlmnbjfkijdjmkkfpnjfgckkkpjjof [2013-03-09]
CHR Extension: (Poppit!) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-05-02]
CHR Extension: (Plants vs Zombies) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-09-13]
CHR Extension: (Lagoonia) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm [2013-05-02]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Monsters House) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjpaihmfeancekndfgoplnjlcdfdnb [2013-03-09]
CHR Extension: (Burger Shop 2) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiahdjilmlekhacfggeipddaklcbiljf [2013-05-02]
CHR Extension: (Gmail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-23] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S4 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-28] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [143872 2008-03-27] (Mars Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-05-13] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2015-01-10] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 20:09 - 2015-01-12 20:09 - 00025554 _____ () C:\Users\Dean\Downloads\FRST.txt
2015-01-12 20:06 - 2015-01-12 20:09 - 00000000 ____D () C:\FRST
2015-01-12 20:02 - 2015-01-12 20:02 - 02124288 _____ (Farbar) C:\Users\Dean\Downloads\FRST64.exe
2015-01-12 18:45 - 2015-01-12 18:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
2015-01-11 22:19 - 2015-01-11 22:19 - 00276466 _____ () C:\Users\Desktop\Desktop\errorlog.xml
2015-01-10 21:18 - 2015-01-10 21:18 - 00009635 _____ () C:\Users\Desktop\Desktop\hijackthis.log
2015-01-10 15:58 - 2015-01-10 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HijackThis (1).exe
2015-01-10 15:56 - 2015-01-10 15:58 - 00009635 _____ () C:\Users\Desktop\Downloads\hijackthis.log
2015-01-10 15:53 - 2015-01-10 15:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HijackThis.exe
2015-01-10 15:17 - 2015-01-10 15:26 - 00000000 ____D () C:\Program Files (x86)\Qvo 6 Virus Removal Tool (1)
2015-01-10 15:17 - 2015-01-10 15:17 - 00001382 _____ () C:\Users\Desktop\Desktop\Qvo 6 Virus Removal Tool (1).lnk
2015-01-10 15:17 - 2015-01-10 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qvo 6 Virus Removal Tool (1)
2015-01-10 15:17 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2015-01-10 15:17 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2015-01-10 15:17 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2015-01-10 15:17 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2015-01-10 15:06 - 2015-01-11 22:05 - 00000000 ____D () C:\Users\Desktop\Documents\ProPCCleaner
2015-01-10 15:05 - 2015-01-10 15:07 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-10 15:05 - 2015-01-10 15:05 - 00001001 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk
2015-01-10 15:05 - 2015-01-10 15:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Rainmaker Software Group LLC.​
2015-01-10 15:05 - 2015-01-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-10 15:01 - 2015-01-10 15:01 - 03249776 _____ (Security Stronghold ) C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool(1).exe
2015-01-10 15:00 - 2015-01-10 15:00 - 00232424 _____ () C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool.exe
2015-01-10 12:37 - 2015-01-10 12:37 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-01-10 12:35 - 2015-01-12 18:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-10 12:35 - 2015-01-12 12:35 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b1784c81-f7c1-43ad-921c-8af3673669a7.job
2015-01-10 12:35 - 2015-01-11 12:45 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a19b25ae-a670-47d4-99cb-dd513aa9e73e.job
2015-01-10 12:35 - 2015-01-10 12:35 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\SUPERAntiSpyware.com
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-10 12:27 - 2015-01-10 12:27 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\LavasoftStatistics
2015-01-10 12:27 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-10 12:26 - 2015-01-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-10 12:26 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-10 12:25 - 2015-01-10 12:39 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Lavasoft
2015-01-10 12:24 - 2015-01-12 07:03 - 00002323 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-10 12:24 - 2015-01-10 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-10 12:21 - 2015-01-10 12:21 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-10 12:18 - 2015-01-10 12:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-10 12:16 - 2015-01-10 12:25 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-10 12:16 - 2015-01-10 12:16 - 01924232 _____ () C:\Users\Desktop\Downloads\Adaware_Installer.exe
2015-01-10 12:15 - 2015-01-10 12:16 - 20977864 _____ (SUPERAntiSpyware) C:\Users\Desktop\Downloads\SUPERAntiSpyware.exe
2015-01-04 17:59 - 2015-01-04 17:59 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Lazy Turtle Games
2015-01-04 11:46 - 2015-01-04 12:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D194EED.sys
2015-01-04 00:03 - 2015-01-04 00:07 - 00039810 _____ () C:\Windows\wininit.ini
2015-01-03 20:15 - 2015-01-03 20:15 - 00000000 ____D () C:\Users\Desktop\Documents\ProcAlyzer Dumps
2015-01-02 18:19 - 2015-01-02 18:23 - 00000000 ____D () C:\ProgramData\Max Secure
2015-01-02 18:04 - 2015-01-02 18:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-02 18:04 - 2015-01-02 18:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-02 18:04 - 2015-01-02 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-02 18:04 - 2015-01-02 18:04 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-02 18:04 - 2015-01-02 18:04 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-02 18:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-02 17:32 - 2015-01-02 17:33 - 271159592 _____ (Max Secure Software ) C:\Users\Dean\Desktop\MaxSpywaredetectorRx64.exe
2015-01-02 17:14 - 2015-01-02 17:14 - 00000000 ____D () C:\Users\Dean\AppData\Local\Max Secure Software
2015-01-02 17:13 - 2015-01-11 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 17:13 - 2015-01-02 17:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-02 17:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 17:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 17:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 17:12 - 2015-01-02 17:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dean\Downloads\spybot-2.4.exe
2015-01-02 17:11 - 2015-01-02 17:14 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\GetRightToGo
2015-01-02 17:11 - 2015-01-02 17:11 - 00368256 ____N (RegNow.com) C:\Users\Dean\Downloads\Download_MaxSDRDM.exe
2015-01-02 17:10 - 2015-01-02 17:17 - 123368360 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\Office2003SP3-KB923618-FullFile-ENU.exe
2015-01-02 17:10 - 2015-01-02 17:13 - 38808920 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\FileFormatConverters.exe
2015-01-02 17:10 - 2015-01-02 17:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-02 17:09 - 2015-01-02 17:10 - 36904648 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-01 16:15 - 2015-01-01 16:15 - 00000000 ____D () C:\Windows\pss
2015-01-01 15:57 - 2015-01-01 15:57 - 00002289 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\Program Files\WinZip
2015-01-01 15:55 - 2015-01-01 15:55 - 00906024 _____ ( ) C:\Users\Desktop\Downloads\winzip19.exe
2015-01-01 15:48 - 2015-01-01 15:48 - 01798638 _____ () C:\Users\Desktop\Downloads\tools_v6.1.0.zip
2015-01-01 14:39 - 2015-01-01 14:48 - 63012864 _____ () C:\Users\Desktop\Downloads\calibre-2.14.0.msi
2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Users\Dean\AppData\Temp
2015-01-01 12:45 - 2015-01-01 12:45 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieBrowserModeList
2015-01-01 11:55 - 2015-01-01 11:55 - 00000000 ____D () C:\Users\Dean\AppData\Local\{B1A4DA2D-D08A-416F-A3B6-B22E8F7470C2}
2015-01-01 11:54 - 2015-01-01 11:54 - 00000000 ____D () C:\Users\Dean\AppData\Local\{8ED7E07C-8989-406B-830C-62333D53AF6E}
2014-12-31 19:16 - 2014-12-31 19:17 - 00000000 ____D () C:\Users\Dean\AppData\Local\{1866E3AC-1046-49C0-99D1-1489BC9ECD46}
2014-12-31 07:16 - 2014-12-31 07:16 - 00000000 ____D () C:\Users\Dean\AppData\Local\{9FA92D20-9A4E-4C81-8229-33C5C21625AD}
2014-12-30 19:15 - 2014-12-30 19:16 - 00000000 ____D () C:\Users\Dean\AppData\Local\{F8CCCFAD-8B3B-4704-B53D-676482C4D8AC}
2014-12-30 07:14 - 2014-12-30 07:15 - 00000000 ____D () C:\Users\Dean\AppData\Local\{05784EB4-C9C2-4BC1-BB37-394782254415}
2014-12-28 09:44 - 2014-12-29 09:46 - 00000000 ____D () C:\Users\Dean\AppData\Local\{E01F3E2C-73C4-4200-9EFE-C95471B143BC}
2014-12-27 09:42 - 2014-12-27 21:43 - 00000000 ____D () C:\Users\Dean\AppData\Local\{6371AB52-6E47-4A49-B584-F3B3D864319C}
2014-12-26 15:28 - 2015-01-01 15:11 - 00000000 ____D () C:\Users\Desktop\Documents\My Kindle Content
2014-12-26 15:28 - 2014-12-26 15:28 - 00002247 _____ () C:\Users\Desktop\Desktop\Kindle.lnk
2014-12-26 15:24 - 2014-12-26 15:28 - 38157960 _____ (Amazon.com) C:\Users\Desktop\Downloads\KindleForPC-installer (1).exe
2014-12-23 19:12 - 2014-12-25 19:16 - 00000000 ____D () C:\Users\Dean\AppData\Local\{E0FB8A78-A3ED-4D52-94AF-1804BD575F5A}
2014-12-23 06:55 - 2014-12-23 06:55 - 00000000 ____D () C:\Users\Dean\AppData\Local\{55E28D87-4F0E-4FE3-AC56-F5E132D7F037}
2014-12-22 17:55 - 2014-12-22 17:55 - 00000000 ____D () C:\Users\Dean\AppData\Local\{065A1747-0FA9-483F-AD1F-4A6BE4D25696}
2014-12-21 13:10 - 2014-12-24 20:05 - 00000000 ____D () C:\Users\Dean\Desktop\Truck pics
2014-12-21 08:25 - 2014-12-21 20:26 - 00000000 ____D () C:\Users\Dean\AppData\Local\{7EA311FE-EDB2-4125-A94C-6CE9E2D12CD6}
2014-12-19 14:27 - 2014-12-20 14:30 - 00000000 ____D () C:\Users\Dean\AppData\Local\{1C352CC3-6CC5-40B3-B379-3DDBC924813D}
2014-12-18 07:22 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:22 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 07:19 - 2014-12-18 19:21 - 00000000 ____D () C:\Users\Dean\AppData\Local\{207B0CBA-02D9-4203-AF79-6DC455FC7C9F}
2014-12-17 16:43 - 2014-12-17 16:43 - 00000000 ____D () C:\Users\Dean\AppData\Local\{6F55A939-795C-4B49-A73A-6A97D54F5A8D}
2014-12-16 10:00 - 2014-12-16 22:01 - 00000000 ____D () C:\Users\Dean\AppData\Local\{D461F54C-54C4-4756-A504-AE17B7B8E018}
2014-12-15 09:59 - 2014-12-15 22:00 - 00000000 ____D () C:\Users\Dean\AppData\Local\{2C3C4A30-956A-4D3B-AD17-E72C3BBF6A30}
2014-12-14 09:57 - 2014-12-14 21:58 - 00000000 ____D () C:\Users\Dean\AppData\Local\{2685DFBB-B0D9-4AA6-8634-E3A4F53797DB}
2014-12-13 21:55 - 2014-12-13 21:56 - 00000000 ____D () C:\Users\Dean\AppData\Local\{5C1993AA-C0B7-4441-B45F-35CF393034C0}
2014-12-13 12:18 - 2014-12-13 12:18 - 00037474 _____ () C:\ProgramData\1418491040.bdinstall.bin
2014-12-13 12:16 - 2014-12-13 12:16 - 01338416 _____ () C:\Users\Desktop\Downloads\bitdefender_pc_2013_online.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 20:09 - 2010-03-30 10:36 - 01109743 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 20:05 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 20:05 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 20:00 - 2012-01-04 07:04 - 00087992 _____ () C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 19:57 - 2013-02-19 20:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 19:30 - 2012-09-04 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 10:57 - 2013-02-19 20:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 07:02 - 2014-07-13 18:23 - 00000000 ___RD () C:\Users\Dean\Dropbox
2015-01-12 07:02 - 2014-07-13 18:19 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Dropbox
2015-01-12 07:02 - 2012-01-04 07:03 - 00001230 __RSH () C:\Users\Dean\ntuser.pol
2015-01-12 07:02 - 2012-01-04 07:03 - 00000000 ____D () C:\Users\Dean
2015-01-12 07:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 07:01 - 2009-07-13 23:51 - 00068310 _____ () C:\Windows\setupact.log
2015-01-12 06:59 - 2012-01-03 18:30 - 00463816 _____ () C:\Windows\PFRO.log
2015-01-11 22:01 - 2012-01-02 18:29 - 00000632 __RSH () C:\Users\Desktop\ntuser.pol
2015-01-04 17:59 - 2014-07-07 17:22 - 00002542 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2015-01-04 17:59 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 11:46 - 2013-07-27 20:14 - 00172032 ___SH () C:\Users\Desktop\Desktop\Thumbs.db
2015-01-04 11:23 - 2009-07-13 23:45 - 00343328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2015-01-03 10:38 - 2012-07-20 10:07 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2015-01-03 09:31 - 2013-03-13 15:36 - 00000000 ____D () C:\Users\Desktop\Documents\Stuff for Sale
2015-01-01 16:13 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Desktop\Documents\Calibre Library
2015-01-01 16:05 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\calibre
2015-01-01 16:03 - 2013-02-22 18:04 - 00000000 ____D () C:\Users\Desktop\Downloads\ebooks
2015-01-01 15:51 - 2013-02-22 18:08 - 00000962 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 15:51 - 2013-02-22 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 15:51 - 2013-02-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-01-01 14:17 - 2012-11-08 19:07 - 00000000 ___RD () C:\Users\Desktop\Dropbox
2015-01-01 14:17 - 2012-01-17 17:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Dropbox
2015-01-01 12:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 10:33 - 2012-11-08 19:07 - 00001029 _____ () C:\Users\Desktop\Desktop\Dropbox.lnk
2014-12-24 19:33 - 2012-12-21 19:40 - 00000000 ____D () C:\Users\Dean\Documents\Stuff for Sale
2014-12-24 13:42 - 2013-09-08 16:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\8Floor
2014-12-24 13:38 - 2012-01-17 19:51 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-18 07:25 - 2014-07-13 18:23 - 00001020 _____ () C:\Users\Dean\Desktop\Dropbox.lnk
2014-12-18 07:25 - 2014-07-13 18:22 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 09:36 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzehvd7.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End Of Log ============================
 
 
 
 


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:29 PM

Posted 14 January 2015 - 02:10 PM

Hi falora.

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution. Uninstall either Adware Antivirus or Bitdefender Total Security.

 

 

We need to remove some programs with Revo Uninstaller Free:

 

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Google Toolbar for Internet Explorer
    Homepage Protection
    HP Games
    Java 7 Update 71
    Pro PC Cleaner 
    Qvo 6 Virus Removal Tool (1)
    WildTangent Games
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 falora


Posted 15 January 2015 - 09:42 PM

Hi again,

I did as you asked, did the Revo, then did the AdwCleaner...here is the log from the latter:

 

# AdwCleaner v4.107 - Report created 15/01/2015 at 21:37:12
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\ProgramData\Alawar Entertainment
Folder Found : C:\ProgramData\AlawarEntertainment
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl
Folder Found : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog
Folder Found : C:\Users\Dean\AppData\Local\Max Secure Software
Folder Found : C:\Users\Dean\AppData\Roaming\AlawarEntertainment
Folder Found : C:\Users\Desktop\AppData\Local\globalUpdate
Folder Found : C:\Users\Desktop\AppData\Roaming\Alawar Entertainment
Folder Found : C:\Users\Desktop\AppData\Roaming\AlawarEntertainment
Folder Found : C:\Users\Desktop\AppData\Roaming\iWin
Folder Found : C:\Users\Desktop\AppData\Roaming\quickclick
Folder Found : C:\Windows\SysWOW64\Save
 
***** [ Scheduled Tasks ] *****
 
Task Found : ProPCCleaner_Start
Task Found : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5652 octets] - [15/01/2015 21:37:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5712 octets] ##########


#6 Sirawit


Posted 16 January 2015 - 01:44 PM

Hi falora.

 

Did you use CanadianTire search on Internet Explorer?

 

Also, did you play Mind's Eye: Secrets Of The Forgotten?

 

Thank you.




#7 falora


Posted 20 January 2015 - 08:17 AM

Yes, we do search Canadian Tire's website.  It is quite likely we either played, or loaded to play the game listed in your note, either through Big Fish Games, or Wild Tangent.  



#8 Sirawit


Posted 21 January 2015 - 11:39 AM

Hi falora.

 

WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware it does have built in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via add/remove.

Reboot after the uninstallation. <- Important.

 

 

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, please uncheck these lines if present:
  • Folder tab:
    
    C:\ProgramData\Alawar Entertainment
    C:\ProgramData\AlawarEntertainment
    C:\Users\Dean\AppData\Roaming\AlawarEntertainment
    C:\Users\Desktop\AppData\Roaming\Alawar Entertainment
    C:\Users\Desktop\AppData\Roaming\AlawarEntertainment
    
    Chrome Tab:
    
    hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

 

After the scan has finished, please create a new FRST log for me.

 

Thank you.




#9 falora


Posted 22 January 2015 - 06:34 PM

I had already removed wild tangent at your first suggestion, so it was not there to remove any further.  I followed the remaining instructions, and here is the file it generated.  I am not sure what you mean by creating a new FRST log for you.

 

# AdwCleaner v4.108 - Report created 22/01/2015 at 18:21:02
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Downloads\adwcleaner_4.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\Alawar Entertainment
[x] Not Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Windows\SysWOW64\Save
Folder Deleted : C:\Users\Dean\AppData\Local\Max Secure Software
[x] Not Deleted : C:\Users\Dean\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Desktop\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Desktop\AppData\Roaming\iWin
Folder Deleted : C:\Users\Desktop\AppData\Roaming\quickclick
[x] Not Deleted : C:\Users\Desktop\AppData\Roaming\Alawar Entertainment
[x] Not Deleted : C:\Users\Desktop\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog
Folder Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79C65008-DFCC-4E94-A931-1007B74A6C5D}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Myfree Codec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.99
 
 
*************************
 
AdwCleaner[R0].txt - [5828 octets] - [15/01/2015 21:37:12]
AdwCleaner[R1].txt - [5558 octets] - [22/01/2015 17:24:11]
AdwCleaner[S0].txt - [5333 octets] - [22/01/2015 18:21:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5393 octets] ##########
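A check for the Scan-then-Clean procedure in posts #8 and #9, as an added example that is not part of the thread or of AdwCleaner: it parses the report layout shown above, treats `[x] Not Deleted` as "left in place" (as it appears in the Clean report above), and compares a Clean report against a Scan report and the list of entries that were to be unchecked. The report excerpts are abridged from the thread; the function and constant names are made up for this example.

```python
import re

# One entry per line: "<Kind> Found : <target>", "<Kind> Deleted : <target>"
# or "[x] Not Deleted : <target>". Header lines, section banners and the
# "[...Web data] - Found [Search Provider]" browser lines do not match.
ENTRY = re.compile(
    r"^(?P<label>\[x\] Not Deleted|\w+ (?:Found|Deleted)) : (?P<target>.+)$"
)

# Abridged from AdwCleaner[R0].txt as posted in this thread.
SCAN_REPORT = r"""
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\ProgramData\Alawar Entertainment
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\Users\Dean\AppData\Roaming\AlawarEntertainment
***** [ Scheduled Tasks ] *****
Task Found : ProPCCleaner_Start
***** [ Registry ] *****
Key Found : HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\GlobalUpdate
"""

# Abridged from AdwCleaner[S0].txt as posted in this thread.
CLEAN_REPORT = r"""
# Option : Clean
***** [ Files / Folders ] *****
[x] Not Deleted : C:\ProgramData\Alawar Entertainment
Folder Deleted : C:\ProgramData\AlawarWrapper
[x] Not Deleted : C:\Users\Dean\AppData\Roaming\AlawarEntertainment
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : ProPCCleaner_Start
***** [ Registry ] *****
Key Deleted : HKCU\Software\GlobalUpdate
"""

# Entries the helper asked to uncheck before pressing Clean (two of the five).
KEEP_LIST = [
    r"C:\ProgramData\Alawar Entertainment",
    r"C:\Users\Dean\AppData\Roaming\AlawarEntertainment",
]


def parse_report(text):
    """Map each reported target (case-folded) to 'found', 'deleted' or 'kept'."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY.match(raw.strip())  # strip() also drops trailing NBSPs
        if not match:
            continue
        label = match.group("label")
        state = "kept" if label.startswith("[x]") else label.split()[-1].lower()
        # Windows paths and registry keys compare case-insensitively.
        entries[match.group("target").strip().casefold()] = state
    return entries


def audit_clean(scan_text, clean_text, keep_list):
    """Compare a Clean report with the earlier Scan report and the keep list."""
    scan = parse_report(scan_text)
    clean = parse_report(clean_text)
    keep = {item.casefold() for item in keep_list}
    return {
        # Entries that should have been unchecked but were removed anyway.
        "wrongly_deleted": sorted(t for t in keep if clean.get(t) == "deleted"),
        "kept_as_requested": sorted(t for t in keep if clean.get(t) == "kept"),
        # Left in place although nobody asked for that.
        "unexpectedly_kept": sorted(
            t for t, s in clean.items() if s == "kept" and t not in keep
        ),
        # Flagged by the scan, never mentioned by the clean run.
        "unaccounted": sorted(t for t in scan if t not in clean),
        # Acted on by the clean run without appearing in this scan report.
        "not_in_scan": sorted(t for t in clean if t not in scan),
    }


if __name__ == "__main__":
    for bucket, targets in audit_clean(SCAN_REPORT, CLEAN_REPORT, KEEP_LIST).items():
        print(f"{bucket}: {len(targets)}")
        for target in targets:
            print(f"    {target}")
```

Entries in `unaccounted` or `not_in_scan` are expected when, as in this thread, the Clean run follows a later scan (R1) than the report being compared (R0); they are the lines worth reading by hand.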


#10 Sirawit


Posted 23 January 2015 - 12:05 AM

Hi falora.

 

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#11 falora

  • Topic Starter

  • Members

Posted 23 January 2015 - 09:40 AM

Okay, here you go!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Desktop at 2015-01-23 09:37:59
Running from C:\Users\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Awakening: The Redleaf Forest Collector's Edition (HKLM-x32\...\BFG-Awakening - The Redleaf Forest Collectors Edition) (Version:  - )
Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.21.0.925 - Bitdefender)
Cadenza: Music, Betrayal and Death (HKLM-x32\...\BFG-Cadenza - Music Betrayal and Death) (Version:  - )
calibre (HKLM-x32\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Strokes: The Legend of Snow Kingdom Collector's Edition (HKLM-x32\...\BFG-Dark Strokes - The Legend of Snow Kingdom Collectors Edition) (Version:  - )
Dark Tales: Edgar Allan Poe's The Gold Bug (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Gold Bug) (Version:  - )
Dark Tales: Edgar Allan Poe's The Premature Burial (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Premature Burial) (Version:  - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Enchantia: Wrath of the Phoenix Queen (HKLM-x32\...\BFG-Enchantia - Wrath of the Phoenix Queen) (Version:  - )
Eraser 6.0.9.2343 (HKLM\...\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}) (Version: 6.0.2343 - The Eraser Project)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Forgotten Books: The Enchanted Crown (HKLM-x32\...\BFG-Forgotten Books - The Enchanted Crown) (Version:  - )
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GenuTax Standard (HKLM-x32\...\{C4E3435E-F101-47AD-B9CB-8756E04CD754}) (Version: 1.42 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Lost Tales: Forgotten Souls (HKLM-x32\...\BFG-Lost Tales - Forgotten Souls) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mind's Eye: Secrets Of The Forgotten (HKLM-x32\...\Mind's Eye: Secrets Of The Forgotten) (Version:  - Alawar Entertainment Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
MyFreeCodec (HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\MyFreeCodec) (Version:  - )
Nightmares from the Deep: The Siren's Call (HKLM-x32\...\BFG-Nightmares from the Deep - The Sirens Call) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}) (Version: 2.01.0014 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
White Haven Mysteries Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
22-01-2015 08:03:08 Scheduled Checkpoint
22-01-2015 18:37:41 Revo Uninstaller's restore point - McAfee Security Scan Plus
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {011ED3B0-E145-4757-937E-79C1D263403D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {20B415ED-11DE-4602-8A0E-AF4B3D2AA9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {2C3BB974-00F6-4FDD-AA07-5D8CE1B7A68D} - System32\Tasks\{DBF13E42-A87D-4EB5-A1E9-83702A1C2579} => C:\Program Files (x86)\JoWood\Dead Reefs\DeadReefs.exe
Task: {2F2A1B3A-DCA6-4135-AA7D-90F3A5753C46} - System32\Tasks\{8A1267DE-671D-4741-AC99-26A880D4C012} => C:\Program Files (x86)\JoWood\Dead Reefs\DeadReefs.exe
Task: {43A7C49E-2C90-4677-92CE-CA7CFD8E4EA5} - System32\Tasks\{B3CD10AF-4F74-4279-B8E3-9CC0B66F336D} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {44E80BCE-A699-442F-9CD7-CDF9AA78E9B7} - System32\Tasks\ScanToPCActivationApp.exe_{36CF6B8C-BEC1-4026-8781-D11787E677CE} => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
Task: {4713BF46-4EE5-4A94-86FC-F370D14C0C50} - System32\Tasks\{B9CF69FD-D40F-46E4-846A-A4A3FC35FD5E} => C:\Program Files (x86)\JoWood\Dead Reefs\DeadReefs.exe
Task: {522518E6-2FD7-4DD0-B31D-DB850FAA2384} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {53665354-2F7B-48E7-A378-8C22E68E1268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5647C775-027B-4EA1-A78E-A74ABB8EA0B1} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {7ED5FBE9-EFED-4F0A-A92D-FB134D5946D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {82C0BD57-8BB3-408E-A91F-6319020C655D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {86584C16-CCFC-4860-90C5-3EBA71E20953} - System32\Tasks\{29F6C251-1C44-4371-8DAE-406E8E41A91E} => C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Task: {91DC99D6-2DF5-4506-971A-E363EF9A2A8E} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {99AD6C31-BA60-49C6-B147-8D6CD7AED1B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {9FACC7E6-9220-4E9D-A44F-F5C0B8CCAAF9} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {A92B0687-9930-427C-8DFD-5FE5BECA175B} - System32\Tasks\{9B51A180-E78A-41DA-AEA1-48DCB8524346} => C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Task: {B3533CC2-ADDE-4561-9304-34E502F00E10} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-13 10:02 - 2014-10-13 10:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-08-13 08:39 - 2014-08-13 08:39 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-11-02 22:31 - 2011-11-14 18:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-11-02 22:33 - 2014-08-13 07:50 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-27 13:55 - 2014-07-27 13:55 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_017\ashttpbr.mdl
2014-07-27 13:55 - 2014-07-27 13:55 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_017\ashttpdsp.mdl
2014-07-27 13:55 - 2014-07-27 13:55 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_017\ashttpph.mdl
2014-07-27 13:55 - 2014-07-27 13:55 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_017\ashttprbl.mdl
2013-02-18 12:37 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2015-01-02 18:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-02 18:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-02 18:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-02 18:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-02 18:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00070464 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00171368 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00089928 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2014-12-16 12:10 - 2014-12-16 12:10 - 00041304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-01-17 09:02 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 09:02 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 09:02 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 09:02 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-17 09:02 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Dean\Downloads\bfginstaller32_s1_l1.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\CeRegEdit_Setup_0.0.5.2.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Download_MaxSDRDM.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FileFormatConverters.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FreemakeVideoConverterSetup.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\jre-8u25-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Office2003SP3-KB923618-FullFile-ENU.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Dean\Downloads\Windows-KB890830-x64-V5.19.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Adaware_Installer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\adwcleaner_4.108.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\bitdefender_pc_2013_online.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\chromeinstall-7u45.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\DriverNavigator_Setup.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\GTStandardSetupV142.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\HijackThis (1).exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\HijackThis.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\infinst_autol.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\KindleForPC-installer (1).exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\KindleForPC-installer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\MicrosoftFixit.Printing.Run.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\revosetup.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\Setup-hpdesktop.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\SkypeSetupFull.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\sp46265.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\sp46442.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\SUPERAntiSpyware.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\winzip18-lan_en.exe:BDU
AlternateDataStreams: C:\Users\Desktop\Downloads\winzip19.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FreeAgentGoNext Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: SafeBox => 2
MSCONFIG\startupfolder: C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 70644FAE50B6649AD3C620BD0614402D839AF4C3._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
MSCONFIG\startupreg: Bitdefender Wallet => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender Wallet Application Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2362535687-1667434202-1739124910-500 - Administrator - Disabled)
Dean (S-1-5-21-2362535687-1667434202-1739124910-1003 - Limited - Enabled) => C:\Users\Dean
Desktop (S-1-5-21-2362535687-1667434202-1739124910-1000 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-2362535687-1667434202-1739124910-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2362535687-1667434202-1739124910-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2015 00:03:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
Error: (01/15/2015 07:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Report.exe, version: 1.0.0.0, time stamp: 0x52de1640
Faulting module name: Report.exe, version: 1.0.0.0, time stamp: 0x52de1640
Exception code: 0xc0000090
Fault offset: 0x00022e7f
Faulting process id: 0x17d0
Faulting application start time: 0xReport.exe0
Faulting application path: Report.exe1
Faulting module path: Report.exe2
Report Id: Report.exe3
 
Error: (01/15/2015 05:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1ce0
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
 
Error: (01/15/2015 05:32:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: rundll32.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.ClientConfigurationSystem.EnsureInit(System.String)
   at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.PrivilegedConfigurationManager.GetSection(System.String)
   at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
   at System.Diagnostics.DiagnosticsConfiguration.Initialize()
   at System.Diagnostics.DiagnosticsConfiguration.get_Sources()
   at System.Diagnostics.TraceSource.Initialize()
   at System.Net.Logging.InitializeLogging()
   at System.Net.Logging.get_On()
   at System.Net.WebRequest.Create(System.Uri, Boolean)
   at System.Net.WebRequest.Create(System.String)
   at Helper.Common+.()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (01/15/2015 08:21:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15bc
 
Start Time: 01d030c5d15ffa79
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (01/11/2015 01:00:10 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
Error: (01/10/2015 11:40:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5883d030-f8b6-4719-becc-5fe28f0fe7a5}
 
Error: (01/03/2015 09:40:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 39.0.2171.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b8c
 
Start Time: 01d026cc9be2d850
 
Termination Time: 580
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 6df1e300-9356-11e4-a1e6-90e6ba95b7cd
 
Error: (01/02/2015 06:26:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/02/2015 06:24:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00b1c22f-4547-403f-86fe-58eb73b6082b}
 
 
System errors:
=============
Error: (01/22/2015 06:21:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Live ID Sign-in Assistant service, but this action failed with the following error: 
%%1056
 
Error: (01/22/2015 06:21:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/22/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/18/2015 00:03:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
Error: (01/15/2015 07:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Report.exe1.0.0.052de1640Report.exe1.0.0.052de1640c000009000022e7f17d001d03124c65c993aC:\Program Files (x86)\Qvo 6 Virus Removal Tool (1)\Report.exeC:\Program Files (x86)\Qvo 6 Virus Removal Tool (1)\Report.exe06a08fe1-9d18-11e4-a56b-90e6ba95b7cd
 
Error: (01/15/2015 05:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d1ce001d031131b19e982C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\KERNELBASE.dll64e9c74c-9d06-11e4-a56b-90e6ba95b7cd
 
Error: (01/15/2015 05:32:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: rundll32.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.ClientConfigurationSystem.EnsureInit(System.String)
   at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.PrivilegedConfigurationManager.GetSection(System.String)
   at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
   at System.Diagnostics.DiagnosticsConfiguration.Initialize()
   at System.Diagnostics.DiagnosticsConfiguration.get_Sources()
   at System.Diagnostics.TraceSource.Initialize()
   at System.Net.Logging.InitializeLogging()
   at System.Net.Logging.get_On()
   at System.Net.WebRequest.Create(System.Uri, Boolean)
   at System.Net.WebRequest.Create(System.String)
   at Helper.Common+.()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (01/15/2015 08:21:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749615bc01d030c5d15ffa790C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Error: (01/11/2015 01:00:10 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The device is not ready. (0x80070015)
 
Error: (01/10/2015 11:40:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5883d030-f8b6-4719-becc-5fe28f0fe7a5}
 
Error: (01/03/2015 09:40:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.95b8c01d026cc9be2d850580C:\Program Files (x86)\Google\Chrome\Application\chrome.exe6df1e300-9356-11e4-a1e6-90e6ba95b7cd
 
Error: (01/02/2015 06:26:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (01/02/2015 06:24:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00b1c22f-4547-403f-86fe-58eb73b6082b}
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-02 17:31:02.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 17:18:01.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 17:17:01.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-29 21:32:08.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00212_063\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-29 17:59:31.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 21:17:55.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 18:19:12.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 17:36:06.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 17:09:06.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-27 03:26:02.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00211_062\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 6134.23 MB
Available physical RAM: 3162.39 MB
Total Pagefile: 12266.64 MB
Available Pagefile: 8884.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:584.13 GB) (Free:504.42 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: B8564745)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Desktop (administrator) on DESKTOP-PC on 23-01-2015 09:37:03
Running from C:\Users\Desktop\Downloads
Loaded Profiles: Desktop (Available profiles: Desktop & Dean)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\MountPoints2: J - J:\LaunchU3.exe
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\...\MountPoints2: {08dc7cd1-b111-11e2-9622-90e6ba95b7cd} - J:\LaunchU3.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-18\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-2362535687-1667434202-1739124910-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2362535687-1667434202-1739124910-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2362535687-1667434202-1739124910-1000] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2362535687-1667434202-1739124910-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {4FCB030E-56F9-472D-BBE4-1594E155C653} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4FCB030E-56F9-472D-BBE4-1594E155C653} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2362535687-1667434202-1739124910-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-11-30]
CHR Extension: (Google Docs) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-17]
CHR Extension: (Google Drive) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-17]
CHR Extension: (Bitdefender Wallet) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2013-11-03]
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-17]
CHR Extension: (Google Wallet) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-17]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-23] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S4 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-28] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [143872 2008-03-27] (Mars Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-05-13] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2015-01-10] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 09:37 - 2015-01-23 09:37 - 00018900 _____ () C:\Users\Desktop\Downloads\FRST.txt
2015-01-23 09:36 - 2015-01-23 09:36 - 02126848 _____ (Farbar) C:\Users\Desktop\Downloads\FRST64.exe
2015-01-22 16:33 - 2015-01-22 16:33 - 02186752 _____ () C:\Users\Desktop\Downloads\adwcleaner_4.108.exe
2015-01-20 07:00 - 2015-01-20 07:00 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Lavasoft
2015-01-15 21:37 - 2015-01-22 18:21 - 00000000 ____D () C:\AdwCleaner
2015-01-15 08:19 - 2015-01-15 08:19 - 00000000 __SHD () C:\Users\Desktop\AppData\Local\EmieUserList
2015-01-15 08:19 - 2015-01-15 08:19 - 00000000 __SHD () C:\Users\Desktop\AppData\Local\EmieSiteList
2015-01-15 08:19 - 2015-01-15 08:19 - 00000000 __SHD () C:\Users\Desktop\AppData\Local\EmieBrowserModeList
2015-01-15 08:01 - 2015-01-15 08:01 - 00001270 _____ () C:\Users\Desktop\Desktop\Revo Uninstaller.lnk
2015-01-15 08:01 - 2015-01-15 08:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-15 08:00 - 2015-01-15 08:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Desktop\Downloads\revosetup.exe
2015-01-14 21:30 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 02:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 02:01 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 02:01 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 02:01 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 02:01 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 02:01 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 02:01 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 02:01 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 02:01 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 02:01 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 02:01 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 02:01 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 20:10 - 2015-01-12 20:11 - 00048021 _____ () C:\Users\Dean\Downloads\Addition.txt
2015-01-12 20:09 - 2015-01-12 20:11 - 00043403 _____ () C:\Users\Dean\Downloads\FRST.txt
2015-01-12 20:06 - 2015-01-23 09:37 - 00000000 ____D () C:\FRST
2015-01-12 20:02 - 2015-01-12 20:02 - 02124288 _____ (Farbar) C:\Users\Dean\Downloads\FRST64.exe
2015-01-12 18:45 - 2015-01-12 18:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
2015-01-11 22:19 - 2015-01-11 22:19 - 00276466 _____ () C:\Users\Desktop\Desktop\errorlog.xml
2015-01-10 21:18 - 2015-01-10 21:18 - 00009635 _____ () C:\Users\Desktop\Desktop\hijackthis.log
2015-01-10 15:58 - 2015-01-10 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HijackThis (1).exe
2015-01-10 15:56 - 2015-01-10 15:58 - 00009635 _____ () C:\Users\Desktop\Downloads\hijackthis.log
2015-01-10 15:53 - 2015-01-10 15:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HijackThis.exe
2015-01-10 15:17 - 2015-01-15 19:38 - 00000000 ____D () C:\Program Files (x86)\Qvo 6 Virus Removal Tool (1)
2015-01-10 15:17 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2015-01-10 15:17 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2015-01-10 15:17 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2015-01-10 15:17 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2015-01-10 15:06 - 2015-01-15 17:32 - 00000000 ____D () C:\Users\Desktop\Documents\ProPCCleaner
2015-01-10 15:06 - 2015-01-10 15:06 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Rainmaker_Software_Group_
2015-01-10 15:05 - 2015-01-10 15:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Rainmaker Software Group LLC.​
2015-01-10 15:01 - 2015-01-10 15:01 - 03249776 _____ (Security Stronghold ) C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool(1).exe
2015-01-10 15:00 - 2015-01-10 15:00 - 00232424 _____ () C:\Users\Desktop\Downloads\Qvo6VirusRemovalTool.exe
2015-01-10 12:37 - 2015-01-10 12:37 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-01-10 12:35 - 2015-01-23 09:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-10 12:35 - 2015-01-10 12:35 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\SUPERAntiSpyware.com
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-10 12:35 - 2015-01-10 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-10 12:27 - 2015-01-10 12:27 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-10 12:27 - 2015-01-10 12:27 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\LavasoftStatistics
2015-01-10 12:27 - 2015-01-10 12:27 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Lavasoft
2015-01-10 12:27 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-10 12:26 - 2015-01-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-10 12:26 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-10 12:25 - 2015-01-10 12:39 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Lavasoft
2015-01-10 12:24 - 2015-01-23 08:53 - 00002323 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-10 12:24 - 2015-01-10 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-10 12:21 - 2015-01-10 12:21 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-10 12:18 - 2015-01-10 12:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-10 12:16 - 2015-01-10 12:25 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-10 12:16 - 2015-01-10 12:16 - 01924232 _____ () C:\Users\Desktop\Downloads\Adaware_Installer.exe
2015-01-10 12:15 - 2015-01-10 12:16 - 20977864 _____ (SUPERAntiSpyware) C:\Users\Desktop\Downloads\SUPERAntiSpyware.exe
2015-01-04 17:59 - 2015-01-04 17:59 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Lazy Turtle Games
2015-01-04 11:46 - 2015-01-04 12:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D194EED.sys
2015-01-04 00:03 - 2015-01-04 00:07 - 00039810 _____ () C:\Windows\wininit.ini
2015-01-03 20:15 - 2015-01-03 20:15 - 00000000 ____D () C:\Users\Desktop\Documents\ProcAlyzer Dumps
2015-01-02 18:19 - 2015-01-02 18:23 - 00000000 ____D () C:\ProgramData\Max Secure
2015-01-02 18:05 - 2015-01-02 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-02 18:04 - 2015-01-02 18:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-02 18:04 - 2015-01-02 18:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-02 18:04 - 2015-01-02 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-02 18:04 - 2015-01-02 18:04 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-02 18:04 - 2015-01-02 18:04 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-02 18:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-02 17:13 - 2015-01-16 16:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 17:13 - 2015-01-02 17:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-02 17:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 17:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 17:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 17:12 - 2015-01-02 17:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dean\Downloads\spybot-2.4.exe
2015-01-02 17:11 - 2015-01-02 17:14 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\GetRightToGo
2015-01-02 17:11 - 2015-01-02 17:11 - 00368256 ____N (RegNow.com) C:\Users\Dean\Downloads\Download_MaxSDRDM.exe
2015-01-02 17:10 - 2015-01-02 17:17 - 123368360 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\Office2003SP3-KB923618-FullFile-ENU.exe
2015-01-02 17:10 - 2015-01-02 17:13 - 38808920 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\FileFormatConverters.exe
2015-01-02 17:10 - 2015-01-02 17:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-02 17:09 - 2015-01-02 17:10 - 36904648 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-01 16:15 - 2015-01-01 16:15 - 00000000 ____D () C:\Windows\pss
2015-01-01 15:57 - 2015-01-01 15:57 - 00002289 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\Users\Desktop\AppData\Local\WinZip
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-01 15:57 - 2015-01-01 15:57 - 00000000 ____D () C:\Program Files\WinZip
2015-01-01 15:55 - 2015-01-01 15:55 - 00906024 _____ ( ) C:\Users\Desktop\Downloads\winzip19.exe
2015-01-01 15:48 - 2015-01-01 15:48 - 01798638 _____ () C:\Users\Desktop\Downloads\tools_v6.1.0.zip
2015-01-01 14:39 - 2015-01-01 14:48 - 63012864 _____ () C:\Users\Desktop\Downloads\calibre-2.14.0.msi
2015-01-01 14:16 - 2015-01-01 14:17 - 00000000 ____D () C:\Users\Desktop\AppData\Local\{8E030E12-ABA8-469D-A393-3663A6B9D0A3}
2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Users\Dean\AppData\Temp
2015-01-01 12:45 - 2015-01-01 12:45 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieBrowserModeList
2015-01-01 11:55 - 2015-01-01 11:55 - 00000000 ____D () C:\Users\Dean\AppData\Local\{B1A4DA2D-D08A-416F-A3B6-B22E8F7470C2}
2015-01-01 11:54 - 2015-01-01 11:54 - 00000000 ____D () C:\Users\Dean\AppData\Local\{8ED7E07C-8989-406B-830C-62333D53AF6E}
2014-12-31 19:16 - 2014-12-31 19:17 - 00000000 ____D () C:\Users\Dean\AppData\Local\{1866E3AC-1046-49C0-99D1-1489BC9ECD46}
2014-12-31 07:16 - 2014-12-31 07:16 - 00000000 ____D () C:\Users\Dean\AppData\Local\{9FA92D20-9A4E-4C81-8229-33C5C21625AD}
2014-12-30 19:15 - 2014-12-30 19:16 - 00000000 ____D () C:\Users\Dean\AppData\Local\{F8CCCFAD-8B3B-4704-B53D-676482C4D8AC}
2014-12-30 07:14 - 2014-12-30 07:15 - 00000000 ____D () C:\Users\Dean\AppData\Local\{05784EB4-C9C2-4BC1-BB37-394782254415}
2014-12-28 09:44 - 2014-12-29 09:46 - 00000000 ____D () C:\Users\Dean\AppData\Local\{E01F3E2C-73C4-4200-9EFE-C95471B143BC}
2014-12-27 09:42 - 2014-12-27 21:43 - 00000000 ____D () C:\Users\Dean\AppData\Local\{6371AB52-6E47-4A49-B584-F3B3D864319C}
2014-12-26 22:30 - 2014-12-26 22:31 - 00000000 ____D () C:\Users\Desktop\AppData\Local\{2C1177EF-2A9D-43C2-B5CA-318DCCD13582}
2014-12-26 15:28 - 2015-01-01 15:11 - 00000000 ____D () C:\Users\Desktop\Documents\My Kindle Content
2014-12-26 15:28 - 2014-12-26 15:28 - 00002247 _____ () C:\Users\Desktop\Desktop\Kindle.lnk
2014-12-26 15:28 - 2014-12-26 15:28 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-12-26 15:24 - 2014-12-26 15:28 - 38157960 _____ (Amazon.com) C:\Users\Desktop\Downloads\KindleForPC-installer (1).exe
2014-12-26 10:32 - 2014-12-26 10:32 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 10:29 - 2014-12-26 10:29 - 00000000 ____D () C:\Users\Desktop\AppData\Local\{22C6075C-8079-48D5-BEE6-E34A93F7626F}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 09:32 - 2013-02-19 20:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 09:32 - 2012-01-02 18:29 - 00000632 __RSH () C:\Users\Desktop\ntuser.pol
2015-01-23 09:30 - 2012-09-04 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 09:02 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 09:02 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 09:00 - 2010-03-30 10:36 - 01150591 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 08:57 - 2013-02-19 20:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 08:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 08:52 - 2009-07-13 23:51 - 00069038 _____ () C:\Windows\setupact.log
2015-01-22 18:21 - 2012-01-04 07:03 - 00001230 __RSH () C:\Users\Dean\ntuser.pol
2015-01-22 18:21 - 2012-01-04 07:03 - 00000000 ____D () C:\Users\Dean
2015-01-22 18:21 - 2012-01-03 18:30 - 00467536 _____ () C:\Windows\PFRO.log
2015-01-22 07:01 - 2014-07-13 18:23 - 00000000 ___RD () C:\Users\Dean\Dropbox
2015-01-22 07:01 - 2014-07-13 18:19 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Dropbox
2015-01-18 12:25 - 2013-02-04 20:14 - 00292352 ___SH () C:\Users\Desktop\Documents\Thumbs.db
2015-01-17 13:25 - 2012-02-05 11:34 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Adobe
2015-01-17 09:02 - 2013-02-19 21:05 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 06:59 - 2013-02-19 20:28 - 00000000 ____D () C:\Program Files\Google
2015-01-16 06:59 - 2013-02-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-15 19:48 - 2012-09-07 17:55 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\WildTangent
2015-01-15 19:48 - 2012-01-17 19:51 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-15 19:48 - 2012-01-17 19:33 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\WildTangent
2015-01-15 19:48 - 2010-03-30 10:59 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-15 19:48 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 08:18 - 2013-02-19 20:28 - 00000000 ____D () C:\ProgramData\Google
2015-01-15 08:18 - 2013-02-19 20:27 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Google
2015-01-14 03:09 - 2013-08-04 20:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-01-03 06:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:00 - 2012-01-04 07:04 - 00087992 _____ () C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 11:46 - 2013-07-27 20:14 - 00172032 ___SH () C:\Users\Desktop\Desktop\Thumbs.db
2015-01-04 11:23 - 2009-07-13 23:45 - 00343328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2015-01-03 10:38 - 2012-07-20 10:07 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2015-01-03 10:31 - 2012-01-02 15:56 - 00087992 _____ () C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 09:31 - 2013-03-13 15:36 - 00000000 ____D () C:\Users\Desktop\Documents\Stuff for Sale
2015-01-01 16:13 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Desktop\Documents\Calibre Library
2015-01-01 16:05 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\calibre
2015-01-01 16:03 - 2013-02-22 18:04 - 00000000 ____D () C:\Users\Desktop\Downloads\ebooks
2015-01-01 15:51 - 2013-02-22 18:08 - 00000962 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 15:51 - 2013-02-22 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 15:51 - 2013-02-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-01-01 14:17 - 2012-11-08 19:07 - 00000000 ___RD () C:\Users\Desktop\Dropbox
2015-01-01 14:17 - 2012-01-17 17:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Dropbox
2015-01-01 12:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 15:28 - 2013-08-08 18:34 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Amazon
2014-12-26 10:33 - 2012-11-08 19:07 - 00001029 _____ () C:\Users\Desktop\Desktop\Dropbox.lnk
2014-12-26 10:33 - 2012-11-08 19:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-25 19:16 - 2014-12-23 19:12 - 00000000 ____D () C:\Users\Dean\AppData\Local\{E0FB8A78-A3ED-4D52-94AF-1804BD575F5A}
2014-12-24 20:05 - 2014-12-21 13:10 - 00000000 ____D () C:\Users\Dean\Desktop\Truck pics
2014-12-24 19:33 - 2012-12-21 19:40 - 00000000 ____D () C:\Users\Dean\Documents\Stuff for Sale
2014-12-24 13:42 - 2013-09-08 16:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\8Floor
 
==================== Files in the root of some directories =======
2014-10-04 16:04 - 2014-10-05 06:01 - 0000060 _____ () C:\Users\Desktop\AppData\Roaming\WB.CFG
2012-12-01 10:03 - 2012-12-01 10:07 - 0004608 _____ () C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-16 17:15 - 2014-11-26 17:11 - 0007597 _____ () C:\Users\Desktop\AppData\Local\Resmon.ResmonCfg
2012-01-03 22:52 - 2012-01-03 22:52 - 1943894 _____ () C:\ProgramData\1325638354.bdinstall.bin
2013-11-02 16:32 - 2013-11-02 16:32 - 0106281 _____ () C:\ProgramData\1383427874.bdinstall.bin
2013-11-02 17:05 - 2013-11-02 17:05 - 0386711 _____ () C:\ProgramData\1383429115.bdinstall.bin
2013-11-02 17:06 - 2013-11-02 17:06 - 0062116 _____ () C:\ProgramData\1383430003.bdinstall.bin
2013-11-03 08:14 - 2013-11-03 08:14 - 4446003 _____ () C:\ProgramData\1383430286.bdinstall.bin
2014-12-13 12:18 - 2014-12-13 12:18 - 0037474 _____ () C:\ProgramData\1418491040.bdinstall.bin
2012-10-15 19:00 - 2012-10-15 19:00 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppvbf5p.dll
C:\Users\Desktop\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Desktop\AppData\Local\Temp\Quarantine.exe
C:\Users\Desktop\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 00:18
 
==================== End Of Log ============================


#12 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:29 PM

Posted 24 January 2015 - 01:18 AM

Hi falora.
 
I still see Ad-aware and Bitdefender antivirus both installed. Please uninstall one.
 
Also, please uninstall HP games. That also comes from WildTangent.
 
We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=160804:Fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply

==========

After the fix is completed, please create a new FRST log for me.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 Sirawit


Posted 27 January 2015 - 08:40 AM

It has been three days since my last reply. Are you still there?

 

Thank you.




#14 falora


Posted 27 January 2015 - 10:56 AM

My apologies...I have been unable to reply yet, as I haven't had a chance to go over your last email information due to unexpected circumstances.  I am finally free this evening to get at it, and will post when complete.  



#15 Sirawit


Posted 27 January 2015 - 11:04 AM

No problems, just keep us updated. :)

 

Thank you.

