ScorpionSaver/Level Quality Watcher/Adpeak



#1
arachnae

Hello, I have picked up some malware. There is a popup window when a link is clicked on in one of my forums; also, when highlighted words are rolled over, a popup ad appears on the page. I have deleted it a few times via Control Panel, but it re-downloads itself.

Thanks in advance

OTL:

OTL logfile created on: 12/30/2013 3:12:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arachnaes 2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 34.60% Memory free
5.73 Gb Paging File | 3.20 Gb Available in Paging File | 55.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.52 Gb Total Space | 182.01 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 2.34 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.38 Mb Free Space | 96.02% Space Free | Partition Type: FAT32
Drive G: | 1.89 Gb Total Space | 1.59 Gb Free Space | 84.18% Space Free | Partition Type: FAT

Computer Name: ARACHNAE-LAPTOP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 14:04:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arachnaes 2\Desktop\OTL.exe
PRC - [2013/12/16 07:54:00 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/15 00:57:26 | 000,067,072 | ---- | M] (mozilla.org) -- C:\Users\Arachnaes 2\AppData\Local\SeaMonkey\seamonkey.exe
PRC - [2013/12/15 00:57:26 | 000,010,240 | ---- | M] (Mozilla Corporation) -- C:\Users\Arachnaes 2\AppData\Local\SeaMonkey\plugin-container.exe
PRC - [2013/12/12 19:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\WinampPro\winampa.exe
PRC - [2013/12/12 02:57:11 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/20 10:29:38 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/20 10:29:38 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/20 10:29:38 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/20 10:29:36 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/09/16 18:13:28 | 000,039,528 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/01/03 02:38:04 | 001,265,368 | ---- | M] (Robomagic Corp.) -- C:\Program Files (x86)\Robomagic\MoonPhase\moon.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/16 07:54:00 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/15 00:57:28 | 003,198,464 | ---- | M] () -- C:\Users\Arachnaes 2\AppData\Local\SeaMonkey\mozjs.dll
MOD - [2013/12/15 00:57:28 | 000,150,528 | ---- | M] () -- C:\Users\Arachnaes 2\AppData\Local\SeaMonkey\nsldap32v60.dll
MOD - [2013/12/15 00:57:28 | 000,014,848 | ---- | M] () -- C:\Users\Arachnaes 2\AppData\Local\SeaMonkey\nsldappr32v60.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/10 10:10:24 | 000,513,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/11/15 01:31:48 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/12/16 07:54:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/27 05:54:24 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/15 01:34:28 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/11/15 01:31:44 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/16 18:13:28 | 000,039,528 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/25 12:50:29 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/07/25 12:50:29 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/07/25 12:50:29 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/29 17:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/30 16:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 18:34:34 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/02/24 14:48:07 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/05 12:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/02/24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/22 18:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...K1AA0E3809E3809
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...K1AA0E3809E3809
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{184A6215-0EE8-4E69-A836-E8B230190329}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2B6AF103-7E26-4725-9904-833898375CB4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...K1AA0E3809E3809
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...K1AA0E3809E3809
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{184A6215-0EE8-4E69-A836-E8B230190329}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2B6AF103-7E26-4725-9904-833898375CB4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{184A6215-0EE8-4E69-A836-E8B230190329}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2B6AF103-7E26-4725-9904-833898375CB4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=0.4: C:\Program Files\Bitdefender\Bitdefender BETA\Antispam32\pmbxnp.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011/10/24 10:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/10/24 10:12:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender BETA\Antispam32\ffpwdman\
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.20\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/08/27 07:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.20\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2013/10/19 18:51:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2011/05/20 00:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2011/02/14 22:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013/03/18 04:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\SeaMonkey\Profiles\9zhwmw5f.Default User\extensions
[2013/03/18 04:23:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\HP\AppData\Roaming\mozilla\SeaMonkey\Profiles\9zhwmw5f.Default User\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/03/02 08:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\SeaMonkey\Profiles\pv282qlu.default\extensions

========== Chrome ==========

CHR - default_search_provider: nationzoom (Enabled)
CHR - default_search_provider: search_url = http://www.nationzoo...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.nationzoo...K1AA0E3809E3809
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Fancy Gaming Simplifier = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\
CHR - Extension: Click Trap Remover And Shortlinker = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpgpnhpamnbamgbpdhegjehippjdgd\2.0_0\
CHR - Extension: YouTube = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\
CHR - Extension: Google Search = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.3.3487_0\
CHR - Extension: TimelineRemove = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\1.1.0_0\
CHR - Extension: Best free games online = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebloljdjoljibdnklhefbdefolabkd\1.2_0\
CHR - Extension: Click Trap Remover And Shortlinker = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbjnnkbagjpofgaljnneciaeihcnogno\1.2.3_0\
CHR - Extension: avast! Online Security = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: English Speaking Challenge = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnanhablceodofhmhpppmeakoamhknkc\0.5_0\
CHR - Extension: TLRemove = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk\1.5.0_0\
CHR - Extension: Dirt Farmer's Click Trap Remover = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall\1.1.0_0\
CHR - Extension: WeatherBug = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\
CHR - Extension: FarmVille by Zynga = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchlepkjiaohpppcjacoldhlidbcfhan\1.0.1_0\
CHR - Extension: Deactivate Or Disable Facebook Timeline = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloifipfpidfdknplfjndcomgebnlcon\3.0_0\
CHR - Extension: Easy Cover Maker = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblmajehpcninlogbicfamdnhbflpmkc\2_1\
CHR - Extension: FV Extender Classic = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcllnphghagindkpdjodfjghgcinabik\3.1.21_0\
CHR - Extension: Google Voice (by Google) = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0\
CHR - Extension: Pic Maker = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmgcbgahjfokkiniknnafmeoaolkfab\0.1_0\
CHR - Extension: Virtual Pets spiders - Ragno = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\leihhelbinenpijekdoabkgehbkphdcg\1.1_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\4.4.2_0\
CHR - Extension: Poppit = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Hello Kitty = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld\1.1_0\
CHR - Extension: Facebook Cover Maker & Editor = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjibidejkfaggepnbcnobhinfpojlcmb\5.888_0\
CHR - Extension: GetSavin = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Facebook Covers = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinjeagflheledfiihhbilplepebhhcn\3.888_0\
CHR - Extension: Gmail = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/27 21:09:47 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (no name) - {09F58E74-42B4-4D70-BA26-35FC954E7A17} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (GetSavin 5.0) - {ABA738E9-190B-46BC-A299-D98294EA7AAB} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\WinampPro\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [System settings protector] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\26d38c84-238f-4f8d-b258-c530d9ccb0af.exe (AVAST Software)
O4 - HKLM..\RunOnce: [SpybotDeletingE1797] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [SpybotDeletingE4951] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [SpybotDeletingF2412] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [SpybotDeletingF9029] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{109BE952-F55B-41D5-9C1B-97BA25D9074C}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{109BE952-F55B-41D5-9C1B-97BA25D9074C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B980954-4BB5-4883-849A-40479CD0B0E3}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{04a4fa17-4a81-11e0-8176-78acc043ac88}\Shell - "" = AutoRun
O33 - MountPoints2\{04a4fa17-4a81-11e0-8176-78acc043ac88}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{fa62d0ca-7c2c-11e0-a636-78acc043ac88}\Shell - "" = AutoRun
O33 - MountPoints2\{fa62d0ca-7c2c-11e0-a636-78acc043ac88}\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 03:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/28 03:27:36 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/28 03:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/28 03:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/28 03:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 19:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
[2013/12/25 02:13:31 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysNative\AdpeakProxy64.dll
[2013/12/25 02:13:27 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
[2013/12/19 11:57:27 | 000,000,000 | ---D | C] -- C:\temp
[2013/12/18 15:34:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/12/18 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/12/18 15:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/12/16 07:50:31 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/16 07:50:31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/14 12:38:15 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/14 12:38:14 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/14 12:38:13 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/14 12:38:11 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/14 12:36:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/14 12:36:29 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/14 12:36:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/14 12:36:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/14 12:36:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/14 12:36:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/14 12:36:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/14 12:36:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/14 12:36:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/14 12:36:25 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/14 12:36:25 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/14 12:36:25 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/14 12:36:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/14 12:36:21 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/14 12:36:20 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/14 12:36:16 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/14 03:22:15 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/14 03:22:15 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/14 03:22:12 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/14 03:22:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/14 03:22:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/14 03:21:51 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/14 03:21:51 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/14 03:21:42 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/14 03:21:42 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/14 03:21:42 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/14 03:21:42 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/14 03:21:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/14 03:21:41 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/13 09:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/04 13:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2013/12/04 13:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/01 23:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/01 04:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/12/01 04:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/12/01 02:09:58 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\DMV
[70 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/30 15:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 14:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 14:23:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001UA.job
[2013/12/30 13:32:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/30 13:32:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/30 13:24:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 13:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/30 02:53:10 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForARACHNAE-LAPTOP$.job
[2013/12/29 19:23:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001Core.job
[2013/12/28 23:23:21 | 000,001,998 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MoonPhase.lnk
[2013/12/28 02:27:52 | 000,001,546 | ---- | M] () -- C:\Windows\wininit.ini
[2013/12/27 21:09:47 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/26 21:14:23 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/26 21:14:23 | 000,663,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/26 21:14:23 | 000,122,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/25 19:27:16 | 000,002,572 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/25 19:27:16 | 000,002,570 | ---- | M] () -- C:\Users\HP\Desktop\Google Chrome.lnk
[2013/12/25 16:12:19 | 000,000,986 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/12/25 15:41:39 | 000,306,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 14:17:30 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131227-210947.backup
[2013/12/25 14:16:41 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131225-141730.backup
[2013/12/18 15:32:27 | 000,001,064 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/18 10:38:53 | 000,007,599 | ---- | M] () -- C:\Users\HP\AppData\Local\resmon.resmoncfg
[2013/12/16 07:54:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/16 07:54:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/16 07:24:44 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131225-141641.backup
[2013/12/13 09:08:24 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/04 20:02:20 | 000,002,357 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/04 13:31:04 | 000,002,655 | ---- | M] () -- C:\Users\HP\Desktop\Google Chrome (2).lnk
[2013/12/04 13:31:00 | 000,001,611 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/01 09:25:41 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131216-072444.backup
[70 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/28 23:23:21 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MoonPhase.lnk
[2013/12/25 15:41:24 | 000,306,808 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/18 15:32:27 | 000,001,064 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/16 07:50:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/13 09:08:24 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/01 23:36:26 | 000,002,572 | ---- | C] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 23:36:26 | 000,002,357 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/01 04:45:35 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/08/17 15:56:26 | 000,000,078 | ---- | C] () -- C:\Windows\pbupdate.ini
[2013/07/29 13:28:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/03/29 09:15:07 | 000,234,382 | ---- | C] () -- C:\ProgramData\1364573565.bdinstall.bin
[2013/03/28 17:05:29 | 000,925,128 | ---- | C] () -- C:\ProgramData\1364514600.bdinstall.bin
[2013/03/28 16:45:27 | 000,073,027 | ---- | C] () -- C:\ProgramData\1364514130.bdinstall.bin
[2013/03/28 16:42:10 | 000,022,959 | ---- | C] () -- C:\ProgramData\1364514128.bdinstall.bin
[2013/03/28 16:07:49 | 000,162,753 | ---- | C] () -- C:\ProgramData\1364511310.bdinstall.bin
[2013/02/04 15:02:29 | 000,001,546 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/13 06:31:03 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/14 13:35:00 | 000,005,038 | ---- | C] () -- C:\Users\HP\Guardian ad litem Letter-attendance.rtf
[2011/07/31 16:23:19 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\{18752A19-1974-4F30-A4D1-6D94225B51BA}
[2011/05/14 22:05:27 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\{A575220F-25C7-4240-B7C0-042525C2D24B}
[2011/03/01 08:53:47 | 000,007,599 | ---- | C] () -- C:\Users\HP\AppData\Local\resmon.resmoncfg
[2011/02/25 19:03:20 | 000,001,854 | ---- | C] () -- C:\Users\HP\AppData\Roaming\GhostObjGAFix.xml
[2009/04/28 11:08:04 | 000,014,874 | ---- | C] () -- C:\Users\HP\HPACTIVECHECK.JS

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >



#2
arachnae

Extras File:

OTL Extras logfile created on: 12/30/2013 3:12:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arachnaes 2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 34.60% Memory free
5.73 Gb Paging File | 3.20 Gb Available in Paging File | 55.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.52 Gb Total Space | 182.01 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 2.34 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.38 Mb Free Space | 96.02% Space Free | Partition Type: FAT32
Drive G: | 1.89 Gb Total Space | 1.59 Gb Free Space | 84.18% Space Free | Partition Type: FAT

Computer Name: ARACHNAE-LAPTOP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WinampPro\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WinampPro\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WinampPro\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WinampPro\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WinampPro\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WinampPro\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CF1EB90-3CFD-4485-977B-4FFDB61CF5F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{2750EA7F-B7B7-43CD-B221-FA65D930B031}" = lport=137 | protocol=17 | dir=in | app=system |
"{42E9988D-9008-48EA-9C71-F01A6E2416C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EAD905F-CD4B-4A3A-A7F3-D0CFD25E1B73}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60292397-ABEA-4516-A58A-5F2243D27232}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6352CA31-8462-4E82-80D4-65B73B0FE9A0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6488DE8A-7F83-4430-A98A-F47854385CAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C9F4B09-B32D-4F39-8042-C66655400245}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6CB72BF4-A24F-4AB7-8CC6-E898A791002E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{707B690F-4092-4349-8315-76C3A0362334}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{713334BE-E279-4830-A617-129BFA31C05E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{722A1FE6-EBF5-4F07-8433-DBDDD29F89FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{846C7339-0836-4D6D-9EBE-838A3AD5971D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{861563BD-C0DC-4277-AD10-BA3053D532D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87F475A1-3F54-45F4-8327-C65E30A3D8A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88076FEF-90C4-4849-9A08-292ACD1CABA6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8E957AC5-D23E-4F46-84D3-6D6C75DBDF1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9165984E-5FAA-4195-AC99-41710C7CAE05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{930B27FB-6B3F-4024-8597-41F56FB3EB1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{959CC78F-02E4-4EAE-ABCD-381A615E5764}" = rport=139 | protocol=6 | dir=out | app=system |
"{9895A999-374D-47D1-BC4A-AF6FDB60135E}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C18D274-051F-461D-BD5C-DAC99C9C6FE3}" = rport=445 | protocol=6 | dir=out | app=system |
"{A755E90B-A748-4025-B813-F2F1631841F6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A8527034-8706-42E3-9971-6502C6DCA67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A892BDCE-EB77-4704-9783-7FAB2A0AB50D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A9AF245A-6B80-4950-8A1B-58320DF87601}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B7509F30-F16C-4A4E-9AB4-F7C10B90FF5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA3EB622-3CCF-4F0E-8D70-C68EB8224B05}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB4FA248-D485-489A-BC5A-93B7A8782875}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2917D85-21CE-468D-91AD-10D8454B4596}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE4EE34D-6B81-4D09-8ECE-4C51819A1A80}" = rport=138 | protocol=17 | dir=out | app=system |
"{D29588FD-6926-4A21-861F-9B3289A75A97}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE8E7A20-611A-49A4-BE55-4960194D7018}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F159205D-EAFE-41EA-8952-EF16140E2A81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FEB7194E-B6A2-4A70-BED1-A363FFE996C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09892C5E-279C-4503-AF8B-6645C04229F8}" = protocol=1 | dir=in | [email protected],-28543 |
"{1244B551-0427-43D1-9CCE-67C05045CBDC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{13D0C85E-BBC9-4A66-91CC-2F17E8D9A05B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1930A0FB-41D4-433A-B340-448AD642AFF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{19A258CD-64C2-4DBA-BF08-7C0DAE1A4BC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B9D26C7-7E14-49FA-AC0E-BF47BFAC1DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{1C57CA07-E9E4-47F8-A074-13C827211B94}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F5E1E85-8702-4BFD-94E0-A40329B4F085}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29E05283-2CCB-4182-A296-D15A95F5D38C}" = protocol=6 | dir=in | app=c:\users\hp\appdata\roaming\spotify\spotify.exe |
"{30BC2F66-5B3A-498C-B3EB-FC5BF27C3EA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3287C181-99CC-423A-8E0E-191F7FF6507B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{403C8AD6-C02E-4B1C-82EA-3030675AB955}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{419E2D2A-E896-4B0D-8D06-4393B1E23423}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{422205C4-CDA6-4DC6-9202-794357EA42CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42B0C972-8E07-4953-A0EE-1CD817D8EEB5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{435E1B31-2EA7-4E09-94F8-17445E40FE28}" = protocol=17 | dir=in | app=c:\program files (x86)\winamppro\winamp.exe |
"{4993CB10-223D-4869-B6A4-B540CC4873D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B735202-A14D-4058-A124-1E342AA0E2DE}" = protocol=58 | dir=out | [email protected],-28546 |
"{51CCB207-12C7-4D81-880A-5AF310806AEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{621DAAC1-8ABA-4D75-9373-01C980021CC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68B8B542-585E-414F-8F24-FB19F3571CEE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{764DA1A3-6913-415A-B7EC-6562DAB9D640}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A80B7D2-9752-4BC9-86BE-505A25EF29B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{8088D8FC-A8CB-4A5A-B5C7-53F23D1BBCBF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{88EE285E-DB33-4E59-9B45-F87B90D7E18F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{899811AD-30DE-48AB-AB0F-7D3770F503FE}" = protocol=6 | dir=in | app=c:\program files (x86)\winamppro\winamp.exe |
"{8EF4627A-E8CB-4A8C-AA9C-12DC61E55634}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91646D8A-8359-457E-A392-0B2AFFE6985E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{94E091F6-4C65-48F8-9DF6-52E549C5AF48}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{987D6FF5-E730-4A6A-9940-F61BE3448D96}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99AAB53A-D81A-436C-A1A0-519B496F7349}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3BC0144-755E-4A58-96F5-F33D2048D0BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5C97E5F-005B-41FD-8949-65195A9E838C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{AF45A6D6-0F16-47F2-BDD0-8CB0AC464E9E}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\temp\7zs750.tmp\symnrt.exe |
"{B377B9C9-4206-42DF-82AF-8D8CD36172BC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B99D0458-ECAD-4008-BD76-C099FBB71160}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{BC801167-8333-40DD-AED3-875182004913}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{BCFB20D3-8617-4265-A89F-6A75A18F7023}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{CA2CA072-CE7B-4FC1-AF37-E3C74478AF7F}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\temp\7zs750.tmp\symnrt.exe |
"{D355E7A4-62BA-4BA0-A9A2-7E94BAF64AAA}" = protocol=17 | dir=in | app=c:\users\hp\appdata\roaming\spotify\spotify.exe |
"{D3EF5683-A6FA-4A73-898E-33A4347B84BC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D4D927F6-5F3F-4036-8F2A-4C48BCF9D065}" = protocol=1 | dir=out | [email protected],-28544 |
"{E6B8C66E-778E-4863-A7E6-7D7E02F9E44C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6EA902F-C3AF-45D3-B634-6EC7DFEDAA31}" = protocol=58 | dir=in | [email protected],-28545 |
"{F45383F3-19BA-4719-85E9-E0A4A35D6FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FA5A14E1-6B2B-4DBD-BE8B-A16BAA90EBD0}" = protocol=6 | dir=out | app=system |
"TCP Query User{1319E529-56A8-40B7-A947-217FEE260D81}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{1C891F08-A202-4AE5-A042-359D5CAB1466}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{217AC8A9-88FE-4CE6-859F-4201701E238A}C:\users\hp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hp\appdata\roaming\spotify\spotify.exe |
"TCP Query User{654F243C-7A37-4750-B0A1-33255133C321}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{783512BB-6362-49DD-86BB-A0E5C31A6EB3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{C1AB4E67-C05F-4760-BED5-F544EC68CB9D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{2C822D4C-33A9-4142-AD8C-DA67A0A82B83}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{355FF52C-5666-44F7-B22D-C275971E1AC7}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{50F4886A-023F-48CD-BCAA-E84A13F35980}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6186D96B-EA21-444F-BD74-7FA6AEFBB63A}C:\users\hp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hp\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A1FAC156-36E4-4D39-9C20-C19CF5209433}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B257BDB1-1CB6-4327-A0BF-2370B640BC5E}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E5A24F8D-40E1-45CB-B509-81186D795735}" = HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7AE408-7846-4D13-81F7-D4447A994DBA}" = Calendar
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{543BDDCD-E230-4F37-881B-4900B833BBD7}" = C6300
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CE9B20A-6C15-48A3-99A5-02C9A3E389EF}" = PS_AIO_04_C6300_Software_Min
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E0081D4A-E4F0-40F5-9475-488F9126F5DB}" = ArcSoft PhotoStudio Paint
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F03EC055-F34E-4F6B-A684-8A370E11A304}" = ArcSoft Print Creations
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"3-D_Dancing_Skeleton" = 3-D_Dancing_Skeleton Screen Saver
"3-D_Dia_De_Los_Muertos" = 3-D_Dia_De_Los_Muertos Screen Saver
"3-D_Ghost_Manor" = 3-D_Ghost_Manor Screen Saver
"3-D_Mad_Scientists_Penguins" = 3-D_Mad_Scientists_Penguins Screen Saver
"3-D_Skellerina_Ballerinas" = 3-D_Skellerina_Ballerinas Screen Saver
"3-D_Things_That_Go_Bump" = 3-D_Things_That_Go_Bump Screen Saver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"am-supermahjong" = Super Mahjong
"avast" = avast! Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ERUNT_is1" = ERUNT 1.1j
"FastStone Capture" = FastStone Capture 7.0
"FastStone Image Viewer" = FastStone Image Viewer 4.7
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"FSCapture" = FSCapture
"GadgetPack" = GadgetPack (remove only)
"Google Chrome" = Google Chrome
"Halloween Slots" = Halloween Slots
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MoonPhase" = MoonPhase
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SeaMonkey 2.20 (x86 en-US)" = SeaMonkey 2.20 (x86 en-US)
"Solitaire Plus!_is1" = Solitaire Plus! version 3.0
"Swatch Halloween SceenSaver" = Swatch Halloween SceenSaver Screen Saver
"The Weather Channel App" = The Weather Channel App
"TuneUp Utilities" = TuneUp Utilities
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT082438" = Build-a-lot 2
"WT083477" = Cake Mania

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2013 4:33:12 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9313

Error - 12/30/2013 4:33:13 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 4:33:13 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10780

Error - 12/30/2013 4:33:13 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10780

Error - 12/30/2013 4:33:14 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 4:33:14 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11794

Error - 12/30/2013 4:33:14 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11794

Error - 12/30/2013 4:33:16 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 4:33:16 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13260

Error - 12/30/2013 4:33:16 AM | Computer Name = Arachnae-LapTop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13260

[ Hewlett-Packard Events ]
Error - 1/16/2013 9:00:10 PM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011316055938.xml
File not created by asset agent

Error - 6/8/2013 8:01:37 PM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061308060104.xml
File not created by asset agent

Error - 6/8/2013 8:02:09 PM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061308060137.xml
File not created by asset agent

Error - 6/9/2013 9:47:37 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061309074703.xml
File not created by asset agent

Error - 6/9/2013 9:48:10 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061309074738.xml
File not created by asset agent

Error - 8/18/2013 10:10:15 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081318080942.xml
File not created by asset agent

Error - 8/18/2013 10:10:47 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081318081015.xml
File not created by asset agent

Error - 8/27/2013 4:38:36 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081327023802.xml
File not created by asset agent

Error - 8/27/2013 4:39:08 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081327023836.xml
File not created by asset agent

Error - 8/27/2013 5:04:30 AM | Computer Name = Arachnae-LapTop | Source = Hewlett-Packard | ID = 0
Description =

[ Media Center Events ]
Error - 4/12/2011 10:15:20 PM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 8:15:20 PM - Error connecting to the internet. 8:15:20 PM - Unable
to contact server..

Error - 4/12/2011 10:15:30 PM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 8:15:25 PM - Error connecting to the internet. 8:15:25 PM - Unable
to contact server..

Error - 4/14/2011 12:36:21 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 10:36:17 PM - Error connecting to the internet. 10:36:17 PM - Unable
to contact server..

Error - 4/14/2011 1:36:54 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 11:36:53 PM - Error connecting to the internet. 11:36:53 PM - Unable
to contact server..

Error - 4/14/2011 2:36:59 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 12:36:59 AM - Error connecting to the internet. 12:36:59 AM - Unable
to contact server..

Error - 4/14/2011 4:01:27 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 2:01:25 AM - Error connecting to the internet. 2:01:25 AM - Unable
to contact server..

Error - 4/14/2011 9:25:38 PM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 7:25:38 PM - Error connecting to the internet. 7:25:38 PM - Unable
to contact server..

Error - 4/14/2011 9:26:01 PM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 7:25:55 PM - Error connecting to the internet. 7:25:55 PM - Unable
to contact server..

Error - 12/21/2011 11:49:49 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 8:49:49 AM - Error connecting to the internet. 8:49:49 AM - Unable
to contact server..

Error - 12/21/2011 11:50:20 AM | Computer Name = Arachnae-Mobile | Source = MCUpdate | ID = 0
Description = 8:50:18 AM - Error connecting to the internet. 8:50:18 AM - Unable
to contact server..

[ Spybot - Search and Destroy Events ]
Error - 7/17/2013 4:00:01 AM | Computer Name = Arachnae-LapTop | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/18/2013 1:10:04 AM | Computer Name = Arachnae-LapTop | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 9/23/2013 10:27:35 AM | Computer Name = Arachnae-LapTop | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 12/1/2013 1:35:50 PM | Computer Name = Arachnae-LapTop | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 12/4/2013 6:13:47 PM | Computer Name = Arachnae-LapTop | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 12/25/2013 11:29:29 PM | Computer Name = Arachnae-LapTop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TuneUp.UtilitiesSvc service.

Error - 12/25/2013 11:30:47 PM | Computer Name = Arachnae-LapTop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:29:17 PM on ?12/?25/?2013 was unexpected.

Error - 12/26/2013 12:25:30 AM | Computer Name = Arachnae-LapTop | Source = BROWSER | ID = 8032
Description =

Error - 12/26/2013 12:31:32 AM | Computer Name = Arachnae-LapTop | Source = Service Control Manager | ID = 7034
Description = The COMODO Dragon Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/26/2013 2:32:23 AM | Computer Name = Arachnae-LapTop | Source = BROWSER | ID = 8032
Description =

Error - 12/27/2013 3:58:02 AM | Computer Name = Arachnae-LapTop | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/27/2013 8:18:59 AM | Computer Name = Arachnae-LapTop | Source = DCOM | ID = 10010
Description =

Error - 12/28/2013 9:27:00 PM | Computer Name = Arachnae-LapTop | Source = DCOM | ID = 10010
Description =

Error - 12/30/2013 4:33:12 AM | Computer Name = Arachnae-LapTop | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/30/2013 4:11:16 PM | Computer Name = Arachnae-LapTop | Source = DCOM | ID = 10010
Description =


< End of report >

#3
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Please do not play with the font color.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


Run the Memory test: http://www.sevenforu...stics-tool.html
Does it pass? I'm seeing some memory error indications in your event logs.

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#4
arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you for taking the time to help me.
Memory test: PASSED

# AdwCleaner v3.016 - Report created 06/01/2014 at 07:24:12
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HP - ARACHNAE-LAPTOP
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\HP\AppData\Local\getsavin
Folder Deleted : C:\Users\HP\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\HP\AppData\Local\PackageAware
Folder Deleted : C:\Users\HP\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\HP\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.dll
File Deleted : C:\Windows\System32\AdpeakProxy64.dll
File Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\Desktop\Google Chrome (2).lnk
Shortcut Disinfected : C:\Users\HP\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Trymedia Systems
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\nationzoomSoftware
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

[ File : C:\Users\Arachnaes 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [9903 octets] - [06/01/2014 07:23:11]
AdwCleaner[S0].txt - [7150 octets] - [06/01/2014 07:24:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7210 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by HP on Mon 01/06/2014 at 7:39:01.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1205.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho12BB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho16A5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1BFC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1DF4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1E61.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho28AA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2A7D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho313.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho340F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho349C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3C16.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3C92.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3D6F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3DAE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho401.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho42F0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4589.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho45D2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho48B0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho52D3.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5641.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5722.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho604E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6067.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6344.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho642F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6573.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6E57.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6FCC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho718.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho742F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho74D6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho761D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7A36.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7B5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8480.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8876.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8D83.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8DCD.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho93C9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho96AD.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9991.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9AE2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9E5C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9FCA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA69F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoABA2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD47.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB301.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB399.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB41D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB52F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB7EC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBEFB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC36F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC40A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC6D7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC6F4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC76D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCE75.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD03D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD0BB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD290.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDE32.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE60E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEAE6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEB0B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF836.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFAAC.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\HP\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\HP\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{06F576CA-0438-41D9-A7E2-D3824D3BAC3F}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{26E0AAB5-65BB-45EF-81FC-0D83400218F3}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{322789E3-3286-4E78-92AC-9E17B4BE69F6}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{359A7A4A-6AA5-4062-A192-D2B7F4CA5134}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{3D9F6BEF-1D21-4119-975B-AE3778A864C1}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{507D9D46-656F-44E9-994E-925BCA4D00E1}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{7252F96B-2626-4B34-BE6C-16EAD5152570}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{76AE4523-EDAD-4665-8084-85C8F267EB0E}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{85DE522D-760C-4E76-8969-ED79EBFEA1A3}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{890F80BD-1759-4E43-8421-BFF8E2C7C635}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{93FD9F29-0B09-43CB-BF25-5C7E097543FD}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{9CCC341F-CA42-47DA-8970-4AF74A7ADBD5}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{CED94919-30F4-4C1A-ACC7-F5371B8EB4FC}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{FE79A58C-5199-40D3-BEB3-2B6322D30B09}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 7:47:23.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by HP (administrator) on ARACHNAE-LAPTOP on 06-01-2014 08:17:33
Running from C:\Users\HP\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\WinampPro\winampa.exe
(Robomagic Corp.) C:\Program Files (x86)\Robomagic\MoonPhase\moon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Robomagic Corp.) C:\Program Files (x86)\Robomagic\MoonPhase\moon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1466496 2013-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\WinampPro\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Synaptics Pointing Device Helper] - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [121640 2011-10-14] (Synaptics Incorporated)
MountPoints2: {04a4fa17-4a81-11e0-8176-78acc043ac88} - G:\TLBootstrap_WPP.exe
MountPoints2: {fa62d0ca-7c2c-11e0-a636-78acc043ac88} - G:\start.exe
HKU\ArachnaeAdmin\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\ArachnaeAdmin\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Arachnaes 2\...\Run: [Spotify Web Helper] - C:\Users\Arachnaes 2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-01-04] (Spotify Ltd)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Guest\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2B6AF103-7E26-4725-9904-833898375CB4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {2B6AF103-7E26-4725-9904-833898375CB4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {2B6AF103-7E26-4725-9904-833898375CB4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Bitdefender Wallet 64-bit - {09F58E74-42B4-4D70-BA26-35FC954E7A17} - No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO-x32: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO-x32: GetSavin 5.0 - {ABA738E9-190B-46BC-A299-D98294EA7AAB} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{109BE952-F55B-41D5-9C1B-97BA25D9074C}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{6B980954-4BB5-4883-849A-40479CD0B0E3}: [NameServer]8.26.56.26,156.154.70.22

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Users\HP\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\HP\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\HP\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Fancy Gaming Simplifier) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0
CHR Extension: (Click Trap Remover And Shortlinker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpgpnhpamnbamgbpdhegjehippjdgd\2.0_0
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Tampermonkey) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.3.3487_0
CHR Extension: (TimelineRemove) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\1.1.0_0
CHR Extension: (Best free games online) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebloljdjoljibdnklhefbdefolabkd\1.2_0
CHR Extension: (Click Trap Remover And Shortlinker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbjnnkbagjpofgaljnneciaeihcnogno\1.2.3_0
CHR Extension: (avast! Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (English Speaking Challenge) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnanhablceodofhmhpppmeakoamhknkc\0.5_0
CHR Extension: (TLRemove) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk\1.5.0_0
CHR Extension: (Dirt Farmer's Click Trap Remover) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall\1.1.0_0
CHR Extension: (FarmVille by Zynga) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchlepkjiaohpppcjacoldhlidbcfhan\1.0.1_0
CHR Extension: (Deactivate Or Disable Facebook Timeline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloifipfpidfdknplfjndcomgebnlcon\3.0_0
CHR Extension: (Easy Cover Maker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblmajehpcninlogbicfamdnhbflpmkc\2_1
CHR Extension: (FV Extender Classic) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcllnphghagindkpdjodfjghgcinabik\3.1.21_0
CHR Extension: (Google Voice (by Google)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (Pic Maker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmgcbgahjfokkiniknnafmeoaolkfab\0.1_0
CHR Extension: (Virtual Pets spiders - Ragno) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\leihhelbinenpijekdoabkgehbkphdcg\1.1_0
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\4.4.2_0
CHR Extension: (Poppit) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Hello Kitty) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld\1.1_0
CHR Extension: (Facebook Cover Maker & Editor) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjibidejkfaggepnbcnobhinfpojlcmb\5.888_0
CHR Extension: (Amazing Coupons) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0
CHR Extension: (Facebook Covers) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinjeagflheledfiihhbilplepebhhcn\3.888_0
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [39528 2011-09-16] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-07-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-15] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [82744 2014-01-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()
R3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 08:17 - 2014-01-06 08:17 - 00020404 _____ C:\Users\HP\Desktop\FRST.txt
2014-01-06 08:16 - 2014-01-06 08:16 - 00000000 ____D C:\FRST
2014-01-06 08:05 - 2014-01-06 08:05 - 00000000 ____D C:\Users\HP\AppData\Roaming\AVAST Software
2014-01-06 07:59 - 2014-01-06 07:59 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-06 07:47 - 2014-01-06 07:47 - 00008522 _____ C:\Users\HP\Desktop\JRT.txt
2014-01-06 07:38 - 2014-01-06 07:38 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 07:27 - 2014-01-06 07:51 - 00000000 ____D C:\Users\HP\Desktop\G2G
2014-01-06 07:23 - 2014-01-06 07:24 - 00000000 ____D C:\AdwCleaner
2014-01-06 07:20 - 2014-01-06 07:20 - 01931762 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-01-06 07:19 - 2014-01-06 07:19 - 01036305 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-01-06 07:18 - 2014-01-06 07:18 - 01233962 _____ C:\Users\HP\Desktop\AdwCleaner.exe
2014-01-06 06:36 - 2014-01-06 08:03 - 00000224 _____ C:\Windows\setupact.log
2014-01-04 16:30 - 2014-01-04 16:30 - 00001848 _____ C:\Users\Arachnaes 2\Desktop\Spotify.lnk
2014-01-04 16:30 - 2014-01-04 16:30 - 00001834 _____ C:\Users\Arachnaes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-04 16:30 - 2014-01-04 16:30 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Local\Spotify
2014-01-04 16:29 - 2014-01-05 00:22 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Spotify
2014-01-01 21:17 - 2014-01-01 21:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 22:00 - 2013-12-31 22:00 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Local\Hewlett-Packard
2013-12-31 21:57 - 2013-12-31 21:57 - 00001466 _____ C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ___RD C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ___RD C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Hewlett-Packard
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Apple Computer
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Adobe
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Local\VirtualStore
2013-12-31 20:36 - 2013-12-31 20:36 - 00000057 _____ C:\Users\Arachnaes 2\Desktop\btk.txt
2013-12-31 00:38 - 2013-12-31 00:38 - 00043541 _____ C:\Users\Arachnaes 2\Desktop\Extra.txt
2013-12-30 15:26 - 2013-12-30 15:26 - 00119028 _____ C:\Users\Arachnaes 2\Desktop\OTL.Txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00000690 _____ C:\Users\Arachnaes 2\Desktop\Level Quality Watcher _ scorpionsaverAdpeak.txt
2013-12-30 14:30 - 2013-12-30 14:30 - 00025161 _____ C:\Users\HP\Desktop\DDS2.txt
2013-12-30 14:04 - 2013-12-30 14:04 - 00602112 _____ (OldTimer Tools) C:\Users\Arachnaes 2\Desktop\OTL.exe
2013-12-28 18:30 - 2014-01-06 08:03 - 00151020 _____ C:\Windows\PFRO.log
2013-12-28 03:27 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-28 03:25 - 2013-12-28 03:27 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 03:05 - 2013-12-28 03:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 03:04 - 2013-12-28 03:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-28 02:48 - 2013-12-28 02:53 - 98633040 _____ (Apple Inc.) C:\Users\Arachnaes 2\Downloads\iTunesSetup.exe
2013-12-27 05:17 - 2013-12-27 05:17 - 00002159 _____ C:\Users\Arachnaes 2\Desktop\0iu9u.txt
2013-12-25 23:18 - 2013-12-25 23:18 - 00071328 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 19:04 - 2013-12-25 19:04 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-12-25 18:35 - 2013-12-25 18:35 - 00002093 _____ C:\Users\Arachnaes 2\Documents\ALEISTER CROWLEY.txt
2013-12-25 18:35 - 2013-12-25 18:35 - 00001074 _____ C:\Users\Arachnaes 2\Documents\Copy of pop-up messenger stop.txt
2013-12-25 18:34 - 2013-12-25 18:34 - 00000367 _____ C:\Users\Arachnaes 2\Documents\Winamp Pro registration key.txt
2013-12-25 17:19 - 2013-12-25 17:19 - 00000017 _____ C:\Users\Arachnaes 2\AppData\Local\resmon.resmoncfg
2013-12-25 15:41 - 2013-12-25 15:41 - 00306808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 15:41 - 2013-12-25 15:41 - 00000000 _____ C:\Windows\setuperr.log
2013-12-25 14:17 - 2013-12-25 14:16 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131225-141730.backup
2013-12-22 17:16 - 2013-12-22 17:16 - 00001462 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-18 15:34 - 2013-12-18 15:34 - 00000000 ____D C:\Windows\ERDNT
2013-12-18 15:32 - 2013-12-18 15:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-12-18 12:51 - 2013-12-30 14:29 - 00025161 _____ C:\Users\HP\Desktop\dds.txt
2013-12-18 12:51 - 2013-12-30 14:29 - 00008666 _____ C:\Users\HP\Desktop\attach.txt
2013-12-18 12:40 - 2013-12-18 12:40 - 00688992 ____R (Swearware) C:\Users\Arachnaes 2\Desktop\dds.scr
2013-12-18 09:08 - 2013-12-18 09:08 - 00000653 _____ C:\Users\Arachnaes 2\Desktop\Level Quality Watcher _ scorpionsaver.txt
2013-12-16 07:50 - 2014-01-06 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 07:50 - 2013-12-16 07:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-16 07:50 - 2013-12-16 07:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 07:50 - 2013-12-16 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 12:38 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 12:38 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 12:38 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 12:38 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 12:36 - 2013-11-26 04:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 12:36 - 2013-11-26 03:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 12:36 - 2013-11-26 03:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 12:36 - 2013-11-26 03:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 12:36 - 2013-11-26 02:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 12:36 - 2013-11-26 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 12:36 - 2013-11-26 02:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 12:36 - 2013-11-26 02:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 12:36 - 2013-11-26 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 12:36 - 2013-11-26 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 12:36 - 2013-11-26 02:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 12:36 - 2013-11-26 02:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 12:36 - 2013-11-26 02:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 12:36 - 2013-11-26 02:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 12:36 - 2013-11-26 01:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 12:36 - 2013-11-26 01:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 12:36 - 2013-11-26 01:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 12:36 - 2013-11-26 01:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 12:36 - 2013-11-26 01:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 12:36 - 2013-11-26 01:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 12:36 - 2013-11-26 01:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 12:36 - 2013-11-26 01:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 12:36 - 2013-11-26 00:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 12:36 - 2013-11-26 00:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 12:36 - 2013-11-26 00:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 12:36 - 2013-11-26 00:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 12:36 - 2013-11-25 23:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 12:36 - 2013-11-25 23:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 12:36 - 2013-11-25 23:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 12:36 - 2013-11-25 23:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 12:36 - 2013-11-25 23:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 03:22 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 03:22 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 03:22 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 03:22 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 03:22 - 2013-10-29 18:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 03:22 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 03:22 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 03:21 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 03:21 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 03:21 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 03:21 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 03:21 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 03:21 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 03:21 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 03:21 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 03:21 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 03:21 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 03:21 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 03:21 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 09:08 - 2013-12-13 09:08 - 00002172 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2014-01-06 08:17 - 2014-01-06 08:17 - 00020404 _____ C:\Users\HP\Desktop\FRST.txt
2014-01-06 08:16 - 2014-01-06 08:16 - 00000000 ____D C:\FRST
2014-01-06 08:11 - 2009-07-13 21:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 08:11 - 2009-07-13 21:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 08:09 - 2013-08-06 19:06 - 01434711 _____ C:\Windows\WindowsUpdate.log
2014-01-06 08:08 - 2012-05-07 13:53 - 00000000 ____D C:\Users\HP\Desktop\New folder
2014-01-06 08:05 - 2014-01-06 08:05 - 00000000 ____D C:\Users\HP\AppData\Roaming\AVAST Software
2014-01-06 08:04 - 2011-03-09 03:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 08:03 - 2014-01-06 06:36 - 00000224 _____ C:\Windows\setupact.log
2014-01-06 08:03 - 2013-12-28 18:30 - 00151020 _____ C:\Windows\PFRO.log
2014-01-06 08:03 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 08:02 - 2011-03-09 03:28 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 07:59 - 2014-01-06 07:59 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-06 07:59 - 2013-03-29 09:31 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-06 07:59 - 2013-03-29 09:31 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-06 07:59 - 2013-03-29 09:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-06 07:59 - 2013-03-29 09:31 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-06 07:59 - 2013-03-29 09:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-06 07:59 - 2013-03-29 09:31 - 00002019 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-06 07:59 - 2013-03-29 09:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-06 07:59 - 2013-03-17 05:56 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-06 07:59 - 2013-03-17 05:56 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-06 07:59 - 2012-01-13 12:45 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-06 07:55 - 2012-01-13 12:44 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-06 07:54 - 2013-12-16 07:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 07:54 - 2012-01-13 14:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-06 07:51 - 2014-01-06 07:27 - 00000000 ____D C:\Users\HP\Desktop\G2G
2014-01-06 07:47 - 2014-01-06 07:47 - 00008522 _____ C:\Users\HP\Desktop\JRT.txt
2014-01-06 07:38 - 2014-01-06 07:38 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 07:24 - 2014-01-06 07:23 - 00000000 ____D C:\AdwCleaner
2014-01-06 07:24 - 2013-12-01 23:36 - 00001246 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-06 07:24 - 2013-03-04 10:54 - 00001329 _____ C:\Users\HP\Desktop\Google Chrome (2).lnk
2014-01-06 07:24 - 2012-05-25 10:49 - 00001329 _____ C:\Users\HP\Desktop\Google Chrome.lnk
2014-01-06 07:24 - 2012-05-25 10:49 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-01-06 07:24 - 2011-04-17 17:37 - 00001126 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 07:23 - 2012-05-25 10:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001UA.job
2014-01-06 07:22 - 2012-02-16 16:46 - 00113152 ___SH C:\Users\HP\Desktop\Thumbs.db
2014-01-06 07:20 - 2014-01-06 07:20 - 01931762 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-01-06 07:19 - 2014-01-06 07:19 - 01036305 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-01-06 07:18 - 2014-01-06 07:18 - 01233962 _____ C:\Users\HP\Desktop\AdwCleaner.exe
2014-01-06 06:27 - 2012-05-16 17:30 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{112F6984-F5C8-4145-A04A-B96AE0866F81}
2014-01-05 00:22 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Spotify
2014-01-04 19:23 - 2012-05-25 10:48 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001Core.job
2014-01-04 16:30 - 2014-01-04 16:30 - 00001848 _____ C:\Users\Arachnaes 2\Desktop\Spotify.lnk
2014-01-04 16:30 - 2014-01-04 16:30 - 00001834 _____ C:\Users\Arachnaes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-04 16:30 - 2014-01-04 16:30 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Local\Spotify
2014-01-01 21:17 - 2013-10-16 08:38 - 00000000 ____D C:\ProgramData\Oracle
2014-01-01 21:16 - 2014-01-01 21:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 21:16 - 2014-01-01 21:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-01 20:41 - 2011-01-05 18:18 - 00000000 ____D C:\Users\HP
2013-12-31 22:25 - 2013-03-06 09:34 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Macromedia
2013-12-31 22:09 - 2013-03-06 09:35 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Adobe
2013-12-31 22:00 - 2013-12-31 22:00 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Local\Hewlett-Packard
2013-12-31 21:57 - 2013-12-31 21:57 - 00001466 _____ C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ___RD C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ___RD C:\Users\ArachnaeAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Hewlett-Packard
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Apple Computer
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Roaming\Adobe
2013-12-31 21:57 - 2013-12-31 21:57 - 00000000 ____D C:\Users\ArachnaeAdmin\AppData\Local\VirtualStore
2013-12-31 21:57 - 2013-10-04 06:06 - 00000000 ____D C:\Users\ArachnaeAdmin
2013-12-31 20:36 - 2013-12-31 20:36 - 00000057 _____ C:\Users\Arachnaes 2\Desktop\btk.txt
2013-12-31 00:38 - 2013-12-31 00:38 - 00043541 _____ C:\Users\Arachnaes 2\Desktop\Extra.txt
2013-12-30 15:26 - 2013-12-30 15:26 - 00119028 _____ C:\Users\Arachnaes 2\Desktop\OTL.Txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00000690 _____ C:\Users\Arachnaes 2\Desktop\Level Quality Watcher _ scorpionsaverAdpeak.txt
2013-12-30 14:30 - 2013-12-30 14:30 - 00025161 _____ C:\Users\HP\Desktop\DDS2.txt
2013-12-30 14:29 - 2013-12-18 12:51 - 00025161 _____ C:\Users\HP\Desktop\dds.txt
2013-12-30 14:29 - 2013-12-18 12:51 - 00008666 _____ C:\Users\HP\Desktop\attach.txt
2013-12-30 14:04 - 2013-12-30 14:04 - 00602112 _____ (OldTimer Tools) C:\Users\Arachnaes 2\Desktop\OTL.exe
2013-12-30 02:53 - 2012-05-16 18:06 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForARACHNAE-LAPTOP$
2013-12-30 02:53 - 2012-05-16 18:06 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForARACHNAE-LAPTOP$.job
2013-12-29 21:30 - 2013-03-06 09:34 - 00000000 ____D C:\Users\Arachnaes 2
2013-12-28 03:41 - 2013-07-20 03:16 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Apple Computer
2013-12-28 03:27 - 2013-12-28 03:25 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 03:27 - 2013-07-20 03:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-28 03:27 - 2012-01-05 16:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-28 03:25 - 2013-07-20 03:15 - 00000000 ____D C:\Program Files\iPod
2013-12-28 03:05 - 2013-12-28 03:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 03:04 - 2013-12-28 03:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-28 03:04 - 2012-01-05 16:23 - 00000000 ____D C:\Program Files\Bonjour
2013-12-28 02:53 - 2013-12-28 02:48 - 98633040 _____ (Apple Inc.) C:\Users\Arachnaes 2\Downloads\iTunesSetup.exe
2013-12-28 02:27 - 2013-02-04 15:02 - 00001546 _____ C:\Windows\wininit.ini
2013-12-28 02:27 - 2011-02-27 21:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 05:17 - 2013-12-27 05:17 - 00002159 _____ C:\Users\Arachnaes 2\Desktop\0iu9u.txt
2013-12-26 21:14 - 2009-07-13 22:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-25 23:19 - 2013-08-02 05:01 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-12-25 23:18 - 2013-12-25 23:18 - 00071328 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 20:50 - 2011-07-21 14:51 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-12-25 19:18 - 2012-05-25 10:48 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001UA
2013-12-25 19:18 - 2012-05-25 10:48 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001Core
2013-12-25 19:04 - 2013-12-25 19:04 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-12-25 18:55 - 2013-08-27 09:35 - 00000000 ____D C:\Users\HP\AppData\Roaming\WinampPro
2013-12-25 18:42 - 2013-08-27 09:35 - 00000000 ____D C:\Program Files (x86)\WinampPro
2013-12-25 18:35 - 2013-12-25 18:35 - 00002093 _____ C:\Users\Arachnaes 2\Documents\ALEISTER CROWLEY.txt
2013-12-25 18:35 - 2013-12-25 18:35 - 00001074 _____ C:\Users\Arachnaes 2\Documents\Copy of pop-up messenger stop.txt
2013-12-25 18:34 - 2013-12-25 18:34 - 00000367 _____ C:\Users\Arachnaes 2\Documents\Winamp Pro registration key.txt
2013-12-25 17:19 - 2013-12-25 17:19 - 00000017 _____ C:\Users\Arachnaes 2\AppData\Local\resmon.resmoncfg
2013-12-25 17:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-12-25 16:55 - 2013-05-27 18:55 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\SoftGrid Client
2013-12-25 16:12 - 2011-02-27 16:51 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2013-12-25 15:41 - 2013-12-25 15:41 - 00306808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 15:41 - 2013-12-25 15:41 - 00000000 _____ C:\Windows\setuperr.log
2013-12-25 14:17 - 2009-07-13 19:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131227-210947.backup
2013-12-25 14:16 - 2013-12-25 14:17 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131225-141730.backup
2013-12-25 13:56 - 2009-09-06 18:57 - 00000000 ____D C:\Windows\Panther
2013-12-25 13:53 - 2012-08-01 21:19 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 13:45 - 2013-08-27 09:37 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\WinampPro
2013-12-24 21:26 - 2011-03-15 23:24 - 00000000 ____D C:\Users\HP\Desktop\-CHAT+DOCS=ME
2013-12-23 10:23 - 2011-06-02 20:04 - 00187392 ___SH C:\Users\HP\Documents\Thumbs.db
2013-12-22 17:16 - 2013-12-22 17:16 - 00001462 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-22 17:16 - 2013-03-04 20:47 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-22 17:16 - 2013-03-04 20:47 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-19 06:11 - 2013-03-29 09:31 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-18 16:09 - 2012-03-22 16:53 - 00000000 ____D C:\Users\HP\Documents\Financial-Bills
2013-12-18 15:34 - 2013-12-18 15:34 - 00000000 ____D C:\Windows\ERDNT
2013-12-18 15:32 - 2013-12-18 15:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-12-18 15:32 - 2011-01-05 18:29 - 00000000 ___RD C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-18 13:02 - 2011-05-18 13:30 - 00000000 ____D C:\Users\HP\Documents\COMPUTER STUFF
2013-12-18 12:40 - 2013-12-18 12:40 - 00688992 ____R (Swearware) C:\Users\Arachnaes 2\Desktop\dds.scr
2013-12-18 10:38 - 2011-03-01 08:53 - 00007599 _____ C:\Users\HP\AppData\Local\resmon.resmoncfg
2013-12-18 09:08 - 2013-12-18 09:08 - 00000653 _____ C:\Users\Arachnaes 2\Desktop\Level Quality Watcher _ scorpionsaver.txt
2013-12-17 21:11 - 2013-03-06 09:35 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Hewlett-Packard
2013-12-16 07:54 - 2013-12-16 07:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-16 07:54 - 2013-12-16 07:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 07:54 - 2013-12-16 07:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 07:54 - 2011-02-24 19:22 - 00000000 ____D C:\Users\HP\AppData\Local\Adobe
2013-12-16 07:50 - 2011-10-04 15:58 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-16 07:50 - 2010-05-16 03:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-16 07:34 - 2012-02-21 09:39 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-12-16 07:24 - 2009-07-13 19:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131225-141641.backup
2013-12-15 00:57 - 2013-07-03 22:54 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2013-12-15 00:57 - 2013-07-03 22:54 - 00000000 ____D C:\Users\Arachnaes 2\AppData\Local\SeaMonkey
2013-12-15 00:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 12:35 - 2013-07-16 18:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 12:32 - 2011-01-05 04:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 09:08 - 2013-12-13 09:08 - 00002172 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 16:06 - 2009-07-13 22:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-12 06:04 - 2011-03-09 03:28 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 06:04 - 2011-03-09 03:28 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\HP\HPACTIVECHECK.JS


Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-03 09:30

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by HP at 2014-01-06 08:18:19
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

3-D_Dancing_Skeleton Screen Saver (x32 Version: - )
3-D_Dia_De_Los_Muertos Screen Saver (x32 Version: - )
3-D_Ghost_Manor Screen Saver (x32 Version: - )
3-D_Mad_Scientists_Penguins Screen Saver (x32 Version: - )
3-D_Skellerina_Ballerinas Screen Saver (x32 Version: - )
3-D_Things_That_Go_Bump Screen Saver (x32 Version: - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 11.5.1.601 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (x32 Version: 2.0.29.444 - ArcSoft)
ArcSoft Panorama Maker 4 (x32 Version: 4.5.0.112 - ArcSoft)
ArcSoft Photo Book Screen Saver (x32 Version: 2.0.0.13 - ArcSoft)
ArcSoft PhotoStudio Darkroom 2 (x32 Version: 2.0.0.174 - ArcSoft)
ArcSoft PhotoStudio Paint (x32 Version: 1.6.1.107 - ArcSoft)
ArcSoft Print Creations - Album Page (x32 Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (x32 Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (x32 Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (x32 Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (x32 Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (x32 Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (x32 Version: - ArcSoft)
ArcSoft Print Creations (x32 Version: 3.0.255.500 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (x32 Version: 2.0.0.11 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (x32 Version: 1.1.0.17 - ArcSoft)
ArcSoft Video Downloader (x32 Version: 2.0.0.39 - ArcSoft)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bing Bar (x32 Version: 7.3.117.0 - Microsoft Corporation)
Bing Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Calendar (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.09 - Piriform)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ERUNT 1.1j (x32 Version: - Lars Hederer)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
FastStone Capture 7.0 (x32 Version: 7.0 - FastStone Soft)
FastStone Image Viewer 4.7 (x32 Version: 4.7 - FastStone Soft)
FastStone Photo Resizer 3.1 (x32 Version: 3.1 - FastStone Soft.)
FSCapture (x32 Version: - )
GadgetPack (remove only) (x32 Version: - )
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Halloween Slots (x32 Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4 (Version: 13.0 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Setup (x32 Version: 1.2.3560.3170 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.0.108.1 - Hewlett-Packard Company)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0178 (x32 Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (x32 Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (x32 Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
LightScribe System Software (x32 Version: 1.18.12.1 - LightScribe)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
MoonPhase (x32 Version: 2.5 - Robomagic Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (x32 Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Open Freely (Version: 1.0 - Download Freely, LLC)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (x32 Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaMonkey 2.20 (x86 en-US) (x32 Version: 2.20 - Mozilla)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Solitaire Plus! version 3.0 (x32 Version: 3.0 - GamesForOne.com)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (x32 Version: 2.0.12 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super Mahjong (x32 Version: - gamehouse)
Swatch Halloween SceenSaver Screen Saver (x32 Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (x32 Version: 4.5.5.0 - Husdawg, LLC)
The Weather Channel App (x32 Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities (x32 Version: 9.0.6020.6 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6020.6 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 9.0.6020.6 - TuneUp Software) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (x32 Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation)

==================== Restore Points =========================

23-11-2013 05:41:03 Windows Update
30-11-2013 05:44:09 Windows Update
03-12-2013 11:58:08 Windows Update
04-12-2013 20:37:38 Removed ScorpionSaver
04-12-2013 20:39:22 Removed ScorpionSaver
07-12-2013 08:41:39 Windows Update
14-12-2013 08:04:47 Windows Update
14-12-2013 19:30:12 Windows Update
18-12-2013 01:59:23 Windows Update
18-12-2013 08:02:28 Removed ScorpionSaver
23-12-2013 01:32:16 Windows Update
26-12-2013 02:19:20 Removed DownQuick
26-12-2013 02:20:09 Removed DownQuick
26-12-2013 02:38:25 Removed ScorpionSaver Services
26-12-2013 02:43:40 Installed ScorpionSaver Services
26-12-2013 03:15:15 Installed ScorpionSaver Services
26-12-2013 03:49:04 Removed EasyInfo
26-12-2013 04:13:56 Installed ScorpionSaver Services
26-12-2013 04:33:07 Installed ScorpionSaver Services
27-12-2013 07:50:53 Windows Update
28-12-2013 10:07:31 Installed iTunes
28-12-2013 10:24:08 Installed iTunes
01-01-2014 03:39:41 Windows Update
02-01-2014 03:29:45 Removed Java 7 Update 45
02-01-2014 03:30:40 Removed Java 7 Update 45
02-01-2014 04:15:54 Installed Java 7 Update 45
03-01-2014 15:27:24 Windows Update
06-01-2014 14:55:58 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-12-27 21:09 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0063B13F-4DDA-4985-9DB6-A53AC964AC8E} - System32\Tasks\{9EFE880C-4C67-428A-A795-14C1068FE47C} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {04AE2E94-7826-47DC-A277-C5147604AE30} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {07BF7F52-7CA3-4171-9435-E50345D10E2D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {080C1067-AF67-473B-BDC4-D1965BBF258C} - System32\Tasks\{652D1B53-F8D4-4B3E-9987-924BE142E87E} => C:\Windows2000\Program Files\Games\supermahjong_full.exe
Task: {0CACC3CC-41AB-49B9-AC5F-C2B3F6F085F8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {1C83B4E3-C3CA-48EA-9FE5-C0D36EE9F22C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {1E0EBE07-3508-4D9C-BBEA-729D77A30850} - System32\Tasks\{304C6469-DB93-463C-9C7A-853AC37C3C3A} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {238E093E-05C4-47D1-B1B5-9C793E477183} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {28FFA00C-8394-4299-A385-740C2EB144E8} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {29638B66-583B-447C-B18D-7CCE81E2B75A} - System32\Tasks\{D637A1C1-7C89-497F-82DA-C24DBEE19156} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {2ABCDF0B-C400-4297-8556-FD0C87A57448} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-01-29] (Microsoft)
Task: {2E4196E4-2384-42E6-9C95-81AC4103C958} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-06] (AVAST Software)
Task: {3BCE06C5-4A73-43FF-B257-2E45DD31BCF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25] (Google Inc.)
Task: {4026DEC4-8844-4EA4-8EFC-EA723E36E058} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.)
Task: {43302A49-8050-41C9-A42C-B576F986AC75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {45753AB3-E95F-4424-936A-875B74BD2EAE} - System32\Tasks\{DA9C32FE-4A14-4D51-8E89-2C810C6BA2BD} => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
Task: {48A717CA-54C6-4F9E-B0DF-C254B4693537} - System32\Tasks\{29A02460-5679-47EA-B169-5CC60B993396} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {553B1990-CAF3-4CEC-9E06-19D628BDABEB} - System32\Tasks\{EF337B41-4FC7-48D4-BFAF-F799D84AB0B0} => C:\Windows2000\Program Files\Games\supermahjong_full.exe
Task: {553D67D6-69C1-4761-8D5B-4BC7E74867F8} - System32\Tasks\{769ED398-57C4-4241-AD21-D9E5287A6772} => C:\Windows2000\Game installers\3dhalloweenSlots.exe [2008-06-14] ()
Task: {6A607BEB-6C5F-4C2A-B7DA-8D667225E4BF} - System32\Tasks\{E53D9EDF-3DD6-484B-8A8B-72C9D42AC755} => C:\Windows2000\Program Files\Games\supermahjong_full.exe
Task: {6B4CF89C-8623-440E-A923-5E2E8BC0D080} - System32\Tasks\{1C18935A-29D9-4D56-AC6B-016879034070} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {6D70252F-8A0F-4C1E-A1AB-C3B02D71561C} - System32\Tasks\{0201DACF-334A-4A28-8DA0-9CAFDDF2336B} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {716ED18E-95C7-4136-8FC0-4986166EA2F5} - System32\Tasks\{C95EF76C-E4FC-49DD-A50F-663756BBA2AD} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {78F07834-9A06-43E7-B78B-062AF1DC943E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16] (Adobe Systems Incorporated)
Task: {81F72BFE-15DA-49B7-A96D-9E43FA281D71} - System32\Tasks\Google Updater and Installer => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25] (Google Inc.)
Task: {85F76A3D-1F66-4E1D-932D-59E4073CB250} - System32\Tasks\{05BA4E11-BE75-405F-A503-D5C4789BECAD} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8788CE05-19EB-446F-A5C8-810A098719C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25] (Google Inc.)
Task: {8A51856B-E1E8-4796-9F9F-53DF9D5E2CA3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-15] (TuneUp Software)
Task: {92EDFB7A-3A85-4284-96EA-2F96BFDA3FB9} - System32\Tasks\{25BE35E6-6951-4CEE-82D6-59717B1060C5} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {A0BA224D-A472-47E2-B279-514DCC72DBEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {A1411677-9CCF-4478-BCFF-CDCF7FAA5F0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.)
Task: {A98FC408-E405-4FA2-B0F5-C7C871E7CA8A} - System32\Tasks\{DF04E319-F8E6-4A21-BD90-6A7A5CEDD904} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {AAB9EE13-7AA1-41FD-B308-A7EDFAAAB9C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {AAC49521-6FCC-439B-9A9F-1F3B56EC9877} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AF5629A0-1338-42A4-A0B7-5FD3A0EDDB68} - System32\Tasks\{8A2A9691-6E54-4660-83A5-AF7FF4783A55} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {B0987E9B-37E4-412D-8FCC-10E7C79C15C8} - System32\Tasks\{670EB3EF-F974-4994-BC8C-224D029E5F8F} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {B4240B65-8AC4-496B-BF10-EE945B9A6B43} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {B51DCE6A-CC34-4D03-91FA-7E9738618FDA} - System32\Tasks\{4C396D45-61ED-4A74-92E5-A2FF2AA2623B} => C:\Windows2000\Program Files\FSphotoCaptureSetup.exe [2004-10-07] ()
Task: {B71E65F2-EB92-4F40-9350-951860E5F365} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {BCD09133-15B5-42FD-A89A-F3B3CC39E4AC} - System32\Tasks\{417E8DEB-BA89-406D-B720-A3BA868374FE} => C:\Users\HP\Desktop\-CHAT+DOCS=ME\Artists\puzzle.exe
Task: {BDE6FDD9-05FD-4297-8F57-C6409FB7458D} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-10-28] (Hewlett-Packard)
Task: {BE67CF88-2CAE-4673-9990-89EE271A0BF9} - System32\Tasks\HPCeeScheduleForARACHNAE-LAPTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {D231F169-73C0-4DF7-BAB7-9491A12CE816} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2011-03-17] (HP)
Task: {EBF944F9-D0D7-4FB5-A8C3-6559934EB835} - System32\Tasks\{B95C8BD3-715A-45ED-B511-EF74F32D3475} => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
Task: {EEE102EA-C820-401F-9955-87BC49D26E56} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {F707A0CE-FD8F-4FA4-9898-E12FA1B056CD} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452901835-682907457-936358525-1001UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForARACHNAE-LAPTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-06 07:59 - 2014-01-05 16:12 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010501\algo.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-04 14:28 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-04 14:28 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-04 14:28 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-04 14:28 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-04 14:28 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-01-06 07:59 - 2014-01-06 07:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/06/2014 08:02:28 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-03-28 17:20:47.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_000\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-28 17:05:07.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_000\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 2933.86 MB
Available physical RAM: 1645.09 MB
Total Pagefile: 5865.9 MB
Available Pagefile: 4248.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.52 GB) (Free:173.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:2.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:1.89 GB) (Free:1.59 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C7F66B27)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Are you still seeing the problem? Which browser are you using?
  • 0

#6
arachnae

arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Not gone yet. I am using Mozilla's SeaMonkey. G2G popup page ad.jpg
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Do you see the problem in Firefox, Chrome or IE?
  • 0

#8
arachnae

arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I am seeing it with SeaMonkey now, it is gone in Chrome. Those are the 2 browsers I use.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
It's probably an Add-On. We don't have any visibility into SeaMonkey but you should be able to start it in Safe mode:

Use one of these methods to start your Mozilla application in Safe Mode. This should not be confused with restarting the computer in Windows Safe Mode!
In current Mozilla application versions, hold down the Shift key while double-clicking the Firefox/Thunderbird/SeaMonkey icon. (If the Profile Manager opens, select a profile and then hold down the Shift key again while clicking the "Start Firefox" button.)
In older versions, use the "Mozilla Firefox (Safe Mode)", "SeaMonkey (Safe Mode)", "Mozilla Thunderbird (Safe Mode)", or "Mozilla Thunderbird (No Extensions)" shortcut in the Mozilla Firefox, SeaMonkey, or Mozilla Thunderbird program folder on the Windows Start Menu.
As an alternative method, select "Start -> Run" (on Windows 7/Vista, enable the Run box, as described here) and enter one of the following in the Windows Run box:

seamonkey -safe-mode
"C:\Program Files\SeaMonkey\seamonkey.exe" -safe-mode
"C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode

See if the problem goes away. That means one of the add-ons is the problem so disable all then enable a few at a time. (Restarting SeaMonkey each time)
  • 0

#10
arachnae

arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It is still there in SeaMonkey Safe Mode.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Let Avast do a boot time scan tonight while you sleep:

First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report:


Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories, Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type. jpeg

Click the Save button.

Attach Avast.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on Avast.jpg then Open. Now click on Attach this File)
  • 0

#12
arachnae

arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Avast Bootscan seemed to have worked. I have not run the repair yet, but with items in the chest I am not seeing the ad highlights/popups.
Please advise how to proceed.

Here is what Avast found:


01/10/2014 09:17
Scan of all local drives

File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\64ChromePlugIn.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\SearchControl.dll|>[Embedded_R#T8SQL.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\SearchControl.dll|>[Embedded_R#UPDATER.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\SearchControl.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\Downloads\Setup_V2.exe|>[Embedded_R#25a44] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Arachnaes 2\Downloads\Setup_V2.exe is infected by Win32:DomaIQ-AG [PUP], Moved to chest
File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJLBEXRT\ArcProduct[1].zip|>ArcProduct\Icon\PMK.ico Error 42125 {ZIP archive is corrupted.}
File C:\Users\Guest\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XT3GCBBE\ArcProduct[1].zip|>ArcProduct\Icon\PMK.ico Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Downloads\zProgram installers\iTunes64Setup.exe.part|>iTunes64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\bugsclock.gadget.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\bugsclock.gadget.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadge3.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadge3.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadget.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadget.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadgets.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\Gadgets\DigitalWorldClock.gadgets.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\HP\My Downloads\Halloween screen savers\HalloweenClock_downloader_by_7ArtScreensavers.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\HP\My Downloads\Halloween screen savers\HalloweenClock_downloader_by_7ArtScreensavers.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>ydetect-browser.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>rkverify.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>biglogo_embossed.ico Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>wzcsapi.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>require_directx6.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>trio_dxtest6.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>dxtest.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>require_directx9.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>trio_dxtest9.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>dxtest90.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>require_winxp.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\My Downloads\zProgram installers\bugsclock.gadget.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\bugsclock.gadget.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadge3.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadge3.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadget.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadget.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadgets.exe|>$TEMP\biclient.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Public\Documents\My Downloads\zProgram installers\DigitalWorldClock.gadgets.exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\$Recycle.Bin\S-1-5-21-2452901835-682907457-936358525-1001\$RCA6M3M\chrome.crx|>background.js is infected by JS:AddLyrics-D [Adw], Moved to chest
File C:\$Recycle.Bin\S-1-5-21-2452901835-682907457-936358525-1001\$RCA6M3M\chrome.crx|>contentscript.js is infected by JS:AddLyrics-E [Adw], Moved to chest
File C:\$Recycle.Bin\S-1-5-21-2452901835-682907457-936358525-1001\$RCA6M3M\chrome.crx|>manifest.json is infected by JS:AddLyrics-B [Adw], Moved to chest
File C:\Windows\Installer\d9b0c4.msi|>cab1.cab|>ProxyExe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Windows\Installer\d9b0c5.msi|>cab1.cab|>ProxyExe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Windows2000\Fonts\FreeFontPack.exe is infected by Win32:Installer-J [PUP], Moved to chest
Number of searched folders: 46236
Number of tested files: 1223529
Number of infected files: 30
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
That's really all you need to do. I usually go in and delete the corrupt archive files manually:

File C:\Users\HP\My Downloads\zProgram installers\iTunes64Setup.exe.part|>iTunes64.msi Error 42127 {CAB archive is corrupted.}

The part in bold should be deleted.

If you want to you can go into the Chest and delete the files but it's not necessary.

Unless you see other problems I think we are done and can clean up.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

If we ran Combofix: To uninstall Combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.



OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while.



If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0
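The manual cleanup of corrupt archives described in post #13, as an added example that is not part of the original thread and is not Avast's or the helper's own code: it splits report lines like the ones posted in #12 into quarantined files and files the scanner could not unpack, so the latter can be reviewed or deleted by hand. It assumes, from the report lines themselves, that `|>` separates the file on disk from a member inside it; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the boot-time scan report posted earlier in this thread.
SAMPLE_REPORT = r"""
01/10/2014 09:17
Scan of all local drives

File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\SearchControl.dll|>[Embedded_R#T8SQL.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\plugins\SearchControl.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Arachnaes 2\Downloads\Setup_V2.exe is infected by Win32:DomaIQ-AG [PUP], Moved to chest
File C:\Users\HP\My Downloads\zProgram installers\iTunes64Setup.exe.part|>iTunes64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>rkverify.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\HP\My Music\video phone\mediacoder_8731.exe|>resource.0000.pkg|>dxtest.exe Error 42125 {ZIP archive is corrupted.}
File C:\$Recycle.Bin\S-1-5-21-2452901835-682907457-936358525-1001\$RCA6M3M\chrome.crx|>background.js is infected by JS:AddLyrics-D [Adw], Moved to chest
Number of searched folders: 46236
"""

# One entry is either a detection ("is infected by ...") or a scan error ("Error NNN {...}").
ENTRY_RE = re.compile(
    r"^File (?P<target>.+?) (?:"
    r"is infected by (?P<name>\S+) \[(?P<kind>[^\]]+)\], (?P<action>.+)"
    r"|Error (?P<code>\d+) \{(?P<reason>[^}]*)\})$"
)

def parse_report(text):
    """Return one dict per 'File ...' entry; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Assumption: everything before the first "|>" is the file on disk.
        outer, *members = m.group("target").split("|>")
        entries.append({
            "file": outer,
            "member": "|>".join(members),  # "" when the file itself is reported
            "detection": m.group("name"),  # None for scan errors
            "kind": m.group("kind"),
            "action": m.group("action"),
            "error": m.group("code"),      # None for detections
            "reason": m.group("reason"),
        })
    return entries

def detections_by_file(entries):
    """Map each on-disk file to the detection names reported for it or its members."""
    found = defaultdict(set)
    for e in entries:
        if e["detection"]:
            found[e["file"]].add(e["detection"])
    return dict(found)

def unscanned_files(entries):
    """Map each on-disk file the scanner could not unpack to its error codes."""
    errors = defaultdict(set)
    for e in entries:
        if e["error"]:
            errors[e["file"]].add(e["error"])
    return dict(errors)

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for path, names in sorted(detections_by_file(parsed).items()):
        print("quarantined:", path, sorted(names))
    # A corrupt archive was not scanned inside, so "no detection" is not "clean".
    for path, codes in sorted(unscanned_files(parsed).items()):
        print("not scanned, review or delete:", path, sorted(codes))
```

To run it on a real report, pass the text of the aswBoot.txt file mentioned in post #11 to `parse_report` in place of the sample.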

#14
arachnae

arachnae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It's back.
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Did you install anything?

Is it in Chrome or IE or Firefox too? If so run a FRST scan with Additions checked and post the log.
  • 0





