New Malware



#31
scmba


Sorry, here is the log after I deleted everything:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Kids :: MISTERMAGIC [administrator]

5/1/2014 10:42:02 PM
mbam-log-2014-05-01 (22-42-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227105
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> 8052 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.condui...PV=212221_sp_ie) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 34

Files Detected: 185
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\consts.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\cookie_store.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\crossriderAPI.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\delegate.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\events.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\extensionDataStore.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\installer.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\logFile.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\logging.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\onBGDocumentLoad.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\reports.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\storageWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\updateManager.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\util.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\xhr.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\popupResource\newPopup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.44_0\js\lib\popupResource\popup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\000019.ldb (PUP.Optional.CrossRider.A) -> Delete on reboot.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\000022.log (PUP.Optional.CrossRider.A) -> Delete on reboot.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\CURRENT (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\LOCK (PUP.Optional.CrossRider.A) -> Delete on reboot.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\LOG (PUP.Optional.CrossRider.A) -> Delete on reboot.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\LOG.old (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\MANIFEST-000020 (PUP.Optional.CrossRider.A) -> Delete on reboot.

(end)
 


#32
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Looks like you have picked up some new adware.  

 

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
 

 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Download OTL from
and Save it to your desktop.

Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

    #33
    scmba

      Member

    • Topic Starter
    • 109 posts

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.05.03.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17105
    Kids :: MISTERMAGIC [administrator]

    5/3/2014 8:18:02 AM
    mbam-log-2014-05-03 (08-18-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237751
    Time elapsed: 3 minute(s), 44 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> 1760 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.

    (end)
     


    #34
    scmba

      Member

    • Topic Starter
    • 109 posts

    # AdwCleaner v3.022 - Report created 03/05/2014 at 08:26:03
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Kids - MISTERMAGIC
    # Running from : C:\Users\Kids\Contacts\Desktop\Virus\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : 70e6ca8c

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Users\Kids\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Kids\AppData\Roaming\Optimizer Pro
    Folder Deleted : C:\Users\Kids\Documents\Optimizer Pro
    File Deleted : C:\Users\Kids\Contacts\Desktop\Optimizer Pro.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\prefs.js ]

    Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M719DE2FF-F95F-4673-88D8-ECA41C871CD6&SearchSource=69&CUI=&SSPV=212221_sp_ff&Lay=1&UM=5&UP=SP[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylig[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app50368%22%3A%22app50[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.expiration", "Sun Apr 06 2014 08:31:12 GMT-0700 (Pacific Sta[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.expiration", "Sun Apr 06 2014 12:22:59 GMT-0700 (Pacific Standa[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A50368%2C%22appName%22%3A%22Informatio[...]

    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [12499 octets] - [30/03/2014 07:56:56]
    AdwCleaner[R1].txt - [3922 octets] - [03/05/2014 08:24:47]
    AdwCleaner[S0].txt - [12254 octets] - [30/03/2014 07:58:22]
    AdwCleaner[S1].txt - [3759 octets] - [03/05/2014 08:26:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3819 octets] ##########
     


    #35
    scmba

      Member

    • Topic Starter
    • 109 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Kids on Sat 05/03/2014 at  8:33:11.63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/03/2014 at  8:38:34.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    #36
    scmba

      Member

    • Topic Starter
    • 109 posts

    It didn't do an "Additional.txt", here is the frst.txt:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01 (ATTENTION: ====> FRST version is 21 days old and could be outdated)
    Ran by Kids (administrator) on MISTERMAGIC on 03-05-2014 08:49:50
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\windows\system32\atiesrxx.exe
    (AMD) C:\windows\system32\atieclxx.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Windows\jmesoft\Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (McAfee, Inc.) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\McAfee Security Scan\3.8.141\SSScheduler.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
    HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\flashax10.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\flashax10.exe <====== ATTENTION
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] - C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [GoogleChromeAutoLaunch_52DC92D03AE215F062C0A2811131F7D2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:56528;https=127.0.0.1:56528
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LEND
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://finance.yahoo.com/
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Bitdefender QuickScan - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-26]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR DefaultNewTabURL: https://search.condu...&p=cnts&SAT=SNT
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (Little Alchemy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-04-27]
    CHR Extension: (Google Wallet) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:30 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe
    2014-05-02 06:46 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-02 06:46 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-27 14:16 - 2014-04-27 14:16 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-04-26 11:09 - 2014-04-26 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:53 - 2014-04-20 12:54 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:50 - 2014-04-20 12:52 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-20 03:13 - 2014-04-21 03:11 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-18 15:10 - 2014-04-18 15:14 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-14 03:00 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-04-14 03:00 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-14 03:00 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-04-14 03:00 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-04-14 03:00 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-14 03:00 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-04-14 03:00 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-14 03:00 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-14 03:00 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-04-14 03:00 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-14 03:00 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-14 03:00 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-11 07:37 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-11 07:37 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-11 07:37 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-11 07:37 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-11 07:37 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-11 07:37 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-11 07:37 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-11 07:37 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

    ==================== One Month Modified Files and Folders =======

    2014-05-03 08:49 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-05-03 08:42 - 2012-10-14 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:35 - 2012-04-24 12:33 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-03 08:34 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 08:34 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 08:31 - 2009-07-13 22:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-05-03 08:27 - 2014-04-02 19:30 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-03 08:27 - 2013-10-09 07:47 - 00005332 _____ () C:\windows\setupact.log
    2014-05-03 08:27 - 2012-11-26 10:03 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Dropbox
    2014-05-03 08:27 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-03 08:26 - 2014-03-30 07:55 - 00000000 ____D () C:\AdwCleaner
    2014-05-03 08:26 - 2013-11-11 14:38 - 00678016 _____ () C:\windows\PFRO.log
    2014-05-03 08:26 - 2012-04-24 11:28 - 01807975 _____ () C:\windows\WindowsUpdate.log
    2014-05-01 22:38 - 2012-10-14 11:10 - 00000000 ____D () C:\Users\Kids\AppData\Local\VirtualStore
    2014-05-01 18:08 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-04-29 07:01 - 2014-05-02 06:46 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-29 06:40 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-29 05:48 - 2014-05-02 06:46 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-29 05:34 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-28 16:42 - 2012-10-14 13:00 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-04-28 16:42 - 2012-10-14 13:00 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-28 16:42 - 2012-10-14 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-27 14:21 - 2012-10-14 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
    2014-04-27 14:16 - 2014-04-27 14:16 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-04-26 11:11 - 2014-04-26 11:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-24 19:50 - 2012-10-14 13:12 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\.minecraft
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-21 03:11 - 2014-04-20 03:13 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-20 20:17 - 2014-02-04 21:16 - 00006144 _____ () C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-20 19:59 - 2013-07-20 10:02 - 00000000 ____D () C:\Users\Kids\Documents\ezvid
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:54 - 2014-04-20 12:53 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:52 - 2014-04-20 12:50 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-18 15:14 - 2014-04-18 15:10 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:50 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-15 12:15 - 2012-11-26 10:05 - 00000000 ___RD () C:\Users\Kids\Dropbox
    2014-04-14 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-04-11 07:42 - 2013-02-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-05 23:36 - 2014-05-03 08:30 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe

    Files to move or delete:
    ====================
    C:\ProgramData\flashax10.exe


    Some content of TEMP:
    ====================
    C:\Users\Kids\AppData\Local\Temp\avgnt.exe
    C:\Users\Kids\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Kids\AppData\Local\Temp\information.exe
    C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-30 12:10

    ==================== End Of Log ============================


    #37
    scmba

      Member

    • Topic Starter
    • 109 posts

    Ran again, so posting the new frst.txt and will follow up with additional.txt:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01 (ATTENTION: ====> FRST version is 21 days old and could be outdated)
    Ran by Kids (administrator) on MISTERMAGIC on 03-05-2014 08:51:31
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\windows\system32\atiesrxx.exe
    (AMD) C:\windows\system32\atieclxx.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Windows\jmesoft\Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (McAfee, Inc.) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\McAfee Security Scan\3.8.141\SSScheduler.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
    HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\flashax10.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\flashax10.exe <====== ATTENTION
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] - C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [GoogleChromeAutoLaunch_52DC92D03AE215F062C0A2811131F7D2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:56528;https=127.0.0.1:56528
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LEND
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://finance.yahoo.com/
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Bitdefender QuickScan - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-26]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR DefaultNewTabURL: https://search.condu...&p=cnts&SAT=SNT
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (Little Alchemy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-04-27]
    CHR Extension: (Google Wallet) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:30 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe
    2014-05-02 06:46 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-02 06:46 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-27 14:16 - 2014-04-27 14:16 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-04-26 11:09 - 2014-04-26 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:53 - 2014-04-20 12:54 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:50 - 2014-04-20 12:52 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-20 03:13 - 2014-04-21 03:11 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-18 15:10 - 2014-04-18 15:14 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-14 03:00 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-04-14 03:00 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-14 03:00 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-04-14 03:00 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-04-14 03:00 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-14 03:00 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-04-14 03:00 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-14 03:00 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-14 03:00 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-04-14 03:00 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-14 03:00 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-14 03:00 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-11 07:37 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-11 07:37 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-11 07:37 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-11 07:37 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-11 07:37 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-11 07:37 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-11 07:37 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-11 07:37 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

    ==================== One Month Modified Files and Folders =======

    2014-05-03 08:51 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-05-03 08:42 - 2012-10-14 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:35 - 2012-04-24 12:33 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-03 08:34 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 08:34 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 08:31 - 2012-04-24 11:28 - 01807975 _____ () C:\windows\WindowsUpdate.log
    2014-05-03 08:31 - 2009-07-13 22:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-05-03 08:27 - 2014-04-02 19:30 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-03 08:27 - 2013-10-09 07:47 - 00005332 _____ () C:\windows\setupact.log
    2014-05-03 08:27 - 2012-11-26 10:03 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Dropbox
    2014-05-03 08:27 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-03 08:26 - 2014-03-30 07:55 - 00000000 ____D () C:\AdwCleaner
    2014-05-03 08:26 - 2013-11-11 14:38 - 00678016 _____ () C:\windows\PFRO.log
    2014-05-01 22:38 - 2012-10-14 11:10 - 00000000 ____D () C:\Users\Kids\AppData\Local\VirtualStore
    2014-05-01 18:08 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-04-29 07:01 - 2014-05-02 06:46 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-29 06:40 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-29 05:48 - 2014-05-02 06:46 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-29 05:34 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-28 16:42 - 2012-10-14 13:00 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-04-28 16:42 - 2012-10-14 13:00 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-28 16:42 - 2012-10-14 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-27 14:21 - 2012-10-14 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
    2014-04-27 14:16 - 2014-04-27 14:16 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-04-26 11:11 - 2014-04-26 11:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-24 19:50 - 2012-10-14 13:12 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\.minecraft
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-21 03:11 - 2014-04-20 03:13 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-20 20:17 - 2014-02-04 21:16 - 00006144 _____ () C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-20 19:59 - 2013-07-20 10:02 - 00000000 ____D () C:\Users\Kids\Documents\ezvid
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:54 - 2014-04-20 12:53 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:52 - 2014-04-20 12:50 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-18 15:14 - 2014-04-18 15:10 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:50 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-15 12:15 - 2012-11-26 10:05 - 00000000 ___RD () C:\Users\Kids\Dropbox
    2014-04-14 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-04-11 07:42 - 2013-02-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-05 23:36 - 2014-05-03 08:30 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe

    Files to move or delete:
    ====================
    C:\ProgramData\flashax10.exe


    Some content of TEMP:
    ====================
    C:\Users\Kids\AppData\Local\Temp\avgnt.exe
    C:\Users\Kids\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Kids\AppData\Local\Temp\information.exe
    C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-30 12:10

    ==================== End Of Log ============================


    #38
    scmba

    • Topic Starter
    • Member
    • 109 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
    Ran by Kids at 2014-05-03 08:51:49
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{AD2C4469-ACD9-4E78-91DE-A6BF6459959A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Desktop (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
    Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
    Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
    Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    20-04-2014 19:54:16 Installed iTunes
    21-04-2014 10:00:21 Windows Update
    23-04-2014 02:56:03 Installed Microsoft Fix it 50688
    23-04-2014 02:56:40 Installed Microsoft Fix it 50688
    30-04-2014 19:17:22 Scheduled Checkpoint
    02-05-2014 13:46:20 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {33FF068A-5C33-45A9-8E6A-95F692294FC2} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {4C647E78-AC49-4877-843D-664969E43CCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe
    Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
    Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-18 16:44 - 2011-08-18 16:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
    2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2013-01-25 20:16 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
    2014-03-28 18:52 - 2014-03-28 18:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 29%
    Total physical RAM: 5626.02 MB
    Available physical RAM: 3993.53 MB
    Total Pagefile: 11250.21 MB
    Available Pagefile: 9358.28 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.59 GB) (Free:372.12 GB) NTFS
    Drive d: (八月 11 2013) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 82BC915B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

    ==================== End Of Log ============================


    #39
    scmba

    • Topic Starter
    • Member
    • 109 posts

    OTL logfile created on: 5/3/2014 8:55:43 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kids\Contacts\Desktop\Virus
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.49 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 70.81% Memory free
    10.99 Gb Paging File | 9.12 Gb Available in Paging File | 83.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 440.59 Gb Total Space | 372.12 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
    Drive D: | 702.82 Mb Total Space | 693.37 Mb Free Space | 98.66% Space Free | Partition Type: UDF
     
    Computer Name: MISTERMAGIC | User Name: Kids | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/03/29 14:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kids\Contacts\Desktop\Virus\OTL.exe
    PRC - [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/03/16 03:01:50 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/03/16 03:01:22 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/03/16 03:01:21 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/03/16 03:01:19 | 000,669,776 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    PRC - [2014/01/02 17:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/08 08:41:42 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
    PRC - [2011/05/17 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
    PRC - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
    PRC - [2009/12/04 16:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    PRC - [2009/08/21 16:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/03/28 18:52:28 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2014/01/02 17:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/18 16:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2009/12/04 17:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    MOD - [2009/12/04 16:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    MOD - [2009/08/21 16:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    MOD - [2009/04/06 16:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    MOD - [2009/04/06 16:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    MOD - [2009/01/05 21:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    MOD - [2007/12/06 11:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/08/18 16:44:02 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/08/10 01:45:54 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2014/04/28 16:42:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/03/28 18:52:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/16 03:01:50 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/03/16 03:01:22 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/02/01 16:13:28 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2014/02/01 16:13:28 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2014/02/01 16:13:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2012/04/24 12:10:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/04/24 12:10:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/10 02:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/08/10 02:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/08/10 01:07:10 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/07/20 02:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/03 15:24:28 | 000,870,400 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LEND
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56528;https=127.0.0.1:56528
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - prefs.js..network.proxy.type: 4
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2012/10/14 12:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Extensions
    [2014/04/26 11:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions
    [2014/04/26 11:08:58 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2014/03/28 18:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/03/28 18:52:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/03/28 18:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2014/03/28 18:52:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Conduit Search (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com
    CHR - default_search_provider: suggest_url = http://www.google.com,
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - Extension: Little Alchemy = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
    CHR - Extension: Google Wallet = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
    O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_52DC92D03AE215F062C0A2811131F7D2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
    O4 - Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55B70B6-81CD-4D1C-B948-3EE882D310EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0A66E06-343B-4876-8458-EAFC05969EE4}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
     
     
    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MCODS - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: MCODS - Reg Error: Value error.
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: MCODS - Reg Error: Value error.
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.LAGS - C:\windows\SysWow64\Lagarith.dll ( )
     
    CREATERESTOREPOINT
    System Restore Service not available.
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/04/26 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\QuickScan
    [2014/04/23 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2014/04/20 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\Apple
    [2014/04/20 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/04/20 12:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/04/20 12:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/04/20 12:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/04/20 12:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/04/20 12:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/04/20 03:12:13 | 000,000,000 | ---D | C] -- C:\windows\Migration
    [2014/04/20 03:12:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/04/14 03:00:59 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2014/04/14 03:00:59 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2014/04/14 03:00:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
    [2014/04/14 03:00:53 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/04/14 03:00:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/04/14 03:00:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/14 03:00:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
    [2014/04/14 03:00:51 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
    [2014/04/14 03:00:51 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
    [2014/04/14 03:00:51 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
    [2014/04/14 03:00:50 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/04/14 03:00:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/04/14 03:00:50 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/04/14 03:00:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2014/04/14 03:00:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2014/04/14 03:00:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/04/14 03:00:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/04/14 03:00:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/04/14 03:00:49 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/14 03:00:47 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/14 03:00:47 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
    [2014/04/14 03:00:47 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
    [2014/04/14 03:00:47 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
    [2014/04/14 03:00:47 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
    [2014/04/14 03:00:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
    [2014/04/14 03:00:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
    [2014/04/14 03:00:43 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2014/04/14 03:00:42 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2014/04/14 03:00:39 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/04/11 07:37:19 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2014/04/11 07:37:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2014/04/11 07:37:19 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2014/04/11 07:37:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2014/04/11 07:37:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2014/04/11 07:37:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2014/04/11 07:37:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2014/04/11 07:37:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2014/04/11 07:37:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2014/04/11 07:37:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2014/04/11 07:37:16 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
    [2014/04/11 07:37:16 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
    [2014/04/11 07:37:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
    [2014/04/11 07:37:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
    [2012/04/24 12:26:55 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/05/03 08:42:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/05/03 08:35:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/03 08:34:59 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/03 08:34:59 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/03 08:31:26 | 000,782,010 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/05/03 08:31:26 | 000,662,158 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/05/03 08:31:26 | 000,122,026 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/05/03 08:27:10 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/03 08:27:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/05/03 08:26:55 | 129,511,423 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/28 16:42:25 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2014/04/28 16:42:25 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/04/27 14:22:30 | 000,002,283 | ---- | M] () -- C:\Users\Kids\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/21 03:11:46 | 000,773,788 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/04/20 20:17:54 | 000,006,144 | ---- | M] () -- C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== Files Created - No Company Name ==========
     
    [2014/04/20 12:54:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/04/20 03:13:37 | 000,773,788 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/02/04 21:16:13 | 000,006,144 | ---- | C] () -- C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/01/29 09:21:07 | 000,001,001 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
    [2014/01/29 09:17:20 | 000,000,828 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
    [2014/01/29 09:17:20 | 000,000,824 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
    [2014/01/29 09:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
    [2014/01/29 09:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\drivers\RaCoInst.dat
    [2013/07/20 10:02:04 | 001,229,097 | ---- | C] () -- C:\windows\unins000.exe
    [2013/07/20 10:02:04 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
    [2013/07/20 10:02:04 | 000,076,332 | ---- | C] () -- C:\windows\unins000.dat
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD5000AAKX-083CA1 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 441.00GB
    Starting Offset: 105906176
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 25.00GB
    Starting Offset: 473185648640
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2014/04/24 19:50:15 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.minecraft
    [2013/03/24 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Adobe
    [2012/10/14 11:12:55 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\ATI
    [2013/01/25 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Avira
    [2013/09/24 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVSoftware
    [2014/02/03 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\CyberLink
    [2014/05/03 08:27:51 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Dropbox
    [2012/10/14 11:10:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Identities
    [2014/01/29 09:00:04 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\InstallShield
    [2012/10/14 11:56:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Macromedia
    [2013/09/24 20:42:56 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Malwarebytes
    [2011/02/15 03:41:29 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Media Center Programs
    [2014/02/03 18:25:19 | 000,000,000 | --SD | M] -- C:\Users\Kids\AppData\Roaming\Microsoft
    [2012/10/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Mozilla
    [2013/02/18 13:49:26 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\NCH Software
    [2013/08/13 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Online Video Accelerator
    [2013/08/15 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Open Download Manager
    [2014/04/26 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\QuickScan
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/07 19:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/07 19:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2014/03/28 18:52:28 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/06 01:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/06 01:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/06 01:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/07 19:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/07 19:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/11/20 20:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
    [2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
    [2010/11/21 00:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
    [2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2010/11/21 00:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    ========== Files - Unicode (All) ==========
    [2013/09/07 13:49:04 | 096,533,415 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ
    [2013/09/07 13:49:04 | 096,533,415 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ

    < End of report >
     


    #40
    scmba


    OTL Extras logfile created on: 5/3/2014 8:55:43 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kids\Contacts\Desktop\Virus
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.49 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 70.81% Memory free
    10.99 Gb Paging File | 9.12 Gb Available in Paging File | 83.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 440.59 Gb Total Space | 372.12 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
    Drive D: | 702.82 Mb Total Space | 693.37 Mb Free Space | 98.66% Space Free | Partition Type: UDF
     
    Computer Name: MISTERMAGIC | User Name: Kids | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{028591EB-C1DB-49A1-B38F-DF7BCCCF24B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0398E7CB-2D3F-4BB5-AAC3-FD69B0D5830A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{069E239A-9805-4847-AA53-52653FECA2B3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0AF843FC-BA5B-459D-B06D-63D616501ABB}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2FAA3840-AEA8-4212-8688-82FB0DF46F70}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{347BA453-12E7-43FD-9BD3-63984E768922}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3CB6B099-3488-4C5E-BA34-299D962FFA96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{47929F29-719E-4085-8BAF-3CF035E3CB67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5638141B-A799-46CF-BE09-621D01DCC6A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{59AB35D0-3E15-42DC-88EA-C9D4F2D9DA2A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5A01D03C-7665-4F42-A383-CDFC66B7470F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{60A64FF9-9E85-4CB4-81CD-61D2CC1D8041}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6126C1E8-F576-4992-88E4-67AC8ED5C6C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{66CCB91E-D785-4809-BBCF-585967D778B2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6C95647F-42BB-4E87-A433-A354A8ACCC5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{72FEC946-BF6B-4EA5-A509-D1CA78B1B495}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{74397592-BECD-4FBD-8E22-9886EA708549}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8ABC2225-1B51-404A-B3BB-4EECE5F012B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{90A0AEA8-F720-4AA7-80FA-F7902AE5A6CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{988C76FD-1278-4A00-9FF7-25F8D0362DF6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A53FF1B7-CCA5-4A93-98B8-3227C5561549}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{C68B6575-B0E3-461A-B9E2-2842E8D5F25C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DBD96B84-3DC6-4A12-8B15-793EBC30AD80}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F0E1E06C-FB8B-4047-B8FC-BCE89F8215C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F2E9633-08C7-4959-A4CA-D706D12BFB7A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{10A9BE87-BBB7-4741-A75F-E997B1C06AAF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{22703913-D0C0-40BD-88EB-3BBD75C53977}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{31FAFF04-F498-408D-A53B-3863A4269145}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3DD87C4A-CA19-46FB-AEB4-2B802B17930C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{49CAA084-FCC7-4778-BBFA-A11406B73C45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4AB8DAF0-1FC9-4369-B7A7-499945777465}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{54EBD8C3-3DA0-40AF-B3E2-1ABBF351ADA5}" = protocol=6 | dir=out | app=system |
    "{584287A8-6A12-4245-B2BC-AC0E379E6DB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{687D948C-796C-4C7D-947C-DF353AA218D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6CB7C06C-290A-40F1-A525-80671B9CA186}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{6ED9BDA5-744B-42DE-BF74-AFA9716AED3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{80B59CD9-E13D-49DF-ACE8-DA13A5BC82E2}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{878C2951-FA0F-4E8D-95DF-EB76FFF08FDD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{89537C38-40EC-447A-AD30-58DF7F668153}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{98CB6D8B-DB8C-446C-BD88-9988BA827108}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A0810B93-018C-4FC7-ABEF-1E732EB8BE17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AC750C32-8880-405A-8E44-7F90EB0BC0BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{ADA73739-86DD-4BE4-AD4A-231D8B43105D}" = protocol=17 | dir=in | app=c:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe |
    "{AE07E5DD-74A1-4585-B125-9939875EE309}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B9E4A9CE-CC95-4982-BAA9-40B43EF2B4E6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{CCEE7C30-679E-4B3A-9746-A48327FE0BE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CDBC83DD-7158-4451-BDDE-29DA9AAEA0A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{D3B211AD-D6A4-4244-B9E1-58A108F3B246}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D52F46A0-3D0F-4955-B872-A0B9894C2342}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DA1613B0-BE17-4DB5-8B33-1F0096F1FC4C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EE486E89-6049-46F5-BE4F-56C8CDE5DA6A}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{F320CF22-1D3A-4638-891E-BBB427111A8B}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{F51BC051-C680-4AA1-96EF-2547D3488773}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7BC466D-200D-4617-8B0F-602CCB1952EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F7D7D3D0-4E89-4296-B196-AC53A0641E88}" = protocol=6 | dir=in | app=c:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe |
    "{FF5D4BDC-1F2B-4416-949B-D06F8CD9CF34}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "TCP Query User{7DDC119A-D4B7-47E2-A7C9-04836F302B60}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{8BC81107-B50D-4433-8883-33AD11C90073}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{9FC835A9-00B1-4BD6-AC2A-64858E637E90}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{28717F9D-6D81-4E0D-BD53-F8EEAD45C236}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{3B0F5EE4-59E9-41A7-92E3-DF66D2D5306E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{CA8F0D62-A712-443C-8577-058A1E1274B5}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{39034D33-0958-DD8C-FCD1-DDA486337783}" = AMD Fuel
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{AD2C4469-ACD9-4E78-91DE-A6BF6459959A}" = AMD Catalyst Install Manager
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F1CA9ADD-FFD9-60AA-F402-B0052BC5F732}" = ccc-utility64
    "219D5BE6B14468E687B5EFF7979E68AA355A5299" = Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13)
    "McAfee Security Scan" = McAfee Security Scan Plus
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066EE402-9516-8143-515B-E87DFFB8A56D}" = CCC Help Finnish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{16355B96-CCB3-9152-30C4-8EAA52829AED}" = CCC Help Chinese Standard
    "{16ECB752-AE5E-D1A8-AF16-FE8EB7F7F1B2}" = Catalyst Control Center Profiles Desktop
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A29BCED-DC6E-C78C-9F9D-07F09B76DC55}" = CCC Help Norwegian
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
    "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5077B5AF-717B-45AB-0C4F-18A0C5EEDD02}" = CCC Help Italian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698E98F3-025D-3060-C22A-16AEF07D00F6}" = CCC Help Polish
    "{6AF4EC30-E792-F128-7AD1-5009174C3366}" = CCC Help Thai
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74D06BD4-573A-1B29-20BA-0195E111772F}" = CCC Help Czech
    "{74E30182-0275-7F33-4ABD-53AAF78F7508}" = CCC Help German
    "{7659C8B6-F431-E891-295D-C102920119EF}" = CCC Help English
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87F307D7-0733-F7AD-3DB8-F830A58BA530}" = CCC Help Chinese Traditional
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9093D02B-1C31-97B9-FA4D-D8AB2D729543}" = CCC Help Hungarian
    "{91FA36B7-8B5E-10F6-2623-3278A23EEE91}" = CCC Help Japanese
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9B20F3F2-3216-FEC9-F206-E49C41372902}" = CCC Help French
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E34BCAF-C55F-70A0-F719-44ACC9C9392A}" = CCC Help Danish
    "{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1" = PC Tech Hotline
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{ADA70EFC-2E27-C8EC-9588-381103DEEB15}" = CCC Help Greek
    "{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Blacksilk USB Keyboard Driver
    "{B6CF6F09-5455-4AE0-B2ED-5728151388B8}" = Catalyst Control Center - Branding
    "{B9B2E538-E347-E65B-AA42-D938D5A49A82}" = CCC Help Swedish
    "{BB6031F1-5C36-797B-3944-E2915DE2C259}" = Catalyst Control Center Localization All
    "{BC619F7C-84C0-FE3E-01A5-2354F8B94EFF}" = Catalyst Control Center InstallProxy
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C807D0F8-665F-F562-9700-309047E2186B}" = CCC Help Russian
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
    "{D4336DF5-78C4-CC6E-542F-E70B831E0FBF}" = CCC Help Korean
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF6DC54-76A2-2D34-12A0-F3507678C991}" = CCC Help Spanish
    "{DF3BB6E5-97BF-903E-8056-47C5CB39ACBF}" = CCC Help Dutch
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E32B1F33-52A2-802A-231E-8E779A0B2F2B}" = AMD VISION Engine Control Center
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4166D74-900F-52A9-F77C-F85CBF316309}" = CCC Help Portuguese
    "{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FED4BE59-DF2F-FCE9-C65A-38D540C6082F}" = CCC Help Turkish
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Debut" = Debut Video Capture Software
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Chrome" = Google Chrome
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "VideoPad" = VideoPad Video Editor
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    < End of report >
     




    #41
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 7
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that, then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
     


    #42
    scmba

      Member

    • Topic Starter
    • Member
    • 109 posts

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
    Ran by Kids at 2014-05-03 12:21:07 Run:3
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:56528;https=127.0.0.1:56528
    C:\ProgramData\flashax10.exe
    Task: {33FF068A-5C33-45A9-8E6A-95F692294FC2} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    C:\Program Files (x86)\Browsersafeguard


    *****************

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
    C:\ProgramData\flashax10.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33FF068A-5C33-45A9-8E6A-95F692294FC2} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33FF068A-5C33-45A9-8E6A-95F692294FC2} => Key deleted successfully.
    C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
    "C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.

    ==== End of Fixlog ====



    #43
    scmba

      Member

    • Topic Starter
    • Member
    • 109 posts

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01 (ATTENTION: ====> FRST version is 21 days old and could be outdated)
    Ran by Kids (administrator) on MISTERMAGIC on 03-05-2014 12:21:49
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\windows\system32\atiesrxx.exe
    (AMD) C:\windows\system32\atieclxx.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Windows\jmesoft\Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (McAfee, Inc.) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\McAfee Security Scan\3.8.141\SSScheduler.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
    HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\flashax10.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\flashax10.exe <====== ATTENTION
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] - C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [GoogleChromeAutoLaunch_52DC92D03AE215F062C0A2811131F7D2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LEND
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://finance.yahoo.com/
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Bitdefender QuickScan - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-26]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR DefaultNewTabURL: https://search.condu...&p=cnts&SAT=SNT
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (Little Alchemy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-04-27]
    CHR Extension: (Google Wallet) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-03 12:17 - 2014-05-03 12:18 - 00921512 _____ (Oracle Corporation) C:\Users\Kids\Downloads\jxpiinstall(1).exe
    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:30 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe
    2014-05-02 06:46 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-02 06:46 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-02 06:46 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-26 11:09 - 2014-04-26 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:53 - 2014-04-20 12:54 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:50 - 2014-04-20 12:52 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-20 03:13 - 2014-04-21 03:11 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-18 15:10 - 2014-04-18 15:14 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-14 03:00 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-04-14 03:00 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-14 03:00 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-04-14 03:00 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-04-14 03:00 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-14 03:00 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-14 03:00 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-14 03:00 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-04-14 03:00 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-14 03:00 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-14 03:00 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-14 03:00 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-04-14 03:00 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-14 03:00 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-04-14 03:00 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-04-14 03:00 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-04-14 03:00 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-14 03:00 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-14 03:00 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-14 03:00 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-04-14 03:00 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-14 03:00 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-04-14 03:00 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-14 03:00 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-14 03:00 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-04-14 03:00 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-14 03:00 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-11 07:37 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-11 07:37 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-11 07:37 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-11 07:37 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-11 07:37 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-11 07:37 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-11 07:37 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-11 07:37 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-11 07:37 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-11 07:37 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

    ==================== One Month Modified Files and Folders =======

    2014-05-03 12:22 - 2012-11-26 10:03 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Dropbox
    2014-05-03 12:21 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-05-03 12:21 - 2012-11-26 10:05 - 00000000 ___RD () C:\Users\Kids\Dropbox
    2014-05-03 12:18 - 2014-05-03 12:17 - 00921512 _____ (Oracle Corporation) C:\Users\Kids\Downloads\jxpiinstall(1).exe
    2014-05-03 12:12 - 2012-04-24 12:33 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-03 12:12 - 2012-04-24 11:28 - 01810568 _____ () C:\windows\WindowsUpdate.log
    2014-05-03 12:11 - 2012-10-14 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-05-03 11:23 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 11:23 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-03 08:38 - 2014-05-03 08:38 - 00000761 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-05-03 08:31 - 2009-07-13 22:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-05-03 08:27 - 2014-04-02 19:30 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-03 08:27 - 2013-10-09 07:47 - 00005332 _____ () C:\windows\setupact.log
    2014-05-03 08:27 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-03 08:26 - 2014-03-30 07:55 - 00000000 ____D () C:\AdwCleaner
    2014-05-03 08:26 - 2013-11-11 14:38 - 00678016 _____ () C:\windows\PFRO.log
    2014-05-01 22:38 - 2012-10-14 11:10 - 00000000 ____D () C:\Users\Kids\AppData\Local\VirtualStore
    2014-05-01 18:08 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-04-29 07:01 - 2014-05-02 06:46 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-29 06:40 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-29 05:48 - 2014-05-02 06:46 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-29 05:34 - 2014-05-02 06:46 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-28 16:42 - 2012-10-14 13:00 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-04-28 16:42 - 2012-10-14 13:00 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-28 16:42 - 2012-10-14 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-27 14:21 - 2012-10-14 11:11 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
    2014-04-26 11:11 - 2014-04-26 11:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\QuickScan
    2014-04-24 19:50 - 2012-10-14 13:12 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\.minecraft
    2014-04-23 19:33 - 2014-04-23 19:33 - 02347384 _____ (ESET) C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
    2014-04-23 19:33 - 2014-04-23 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-04-22 19:55 - 2014-04-22 19:55 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(3).msi
    2014-04-21 03:11 - 2014-04-20 03:13 - 00773788 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-20 20:17 - 2014-02-04 21:16 - 00006144 _____ () C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-20 19:59 - 2013-07-20 10:02 - 00000000 ____D () C:\Users\Kids\Documents\ezvid
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Users\Kids\AppData\Local\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-04-20 12:54 - 2014-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-04-20 12:54 - 2014-04-20 12:53 - 00000000 ____D () C:\ProgramData\Apple
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files\Bonjour
    2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-04-20 12:52 - 2014-04-20 12:50 - 148885840 _____ (Apple Inc.) C:\Users\Kids\Downloads\iTunes64Setup.exe
    2014-04-18 15:14 - 2014-04-18 15:10 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(2).msi
    2014-04-15 12:50 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
    2014-04-15 12:22 - 2014-04-15 12:22 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688(1).msi
    2014-04-15 12:17 - 2014-04-15 12:17 - 00671232 _____ () C:\Users\Kids\Downloads\MicrosoftFixit50688.msi
    2014-04-14 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-04-11 07:42 - 2013-02-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-05 23:36 - 2014-05-03 08:30 - 01016261 _____ (Thisisu) C:\Users\Kids\Desktop\JRT_NEW.exe

    Some content of TEMP:
    ====================
    C:\Users\Kids\AppData\Local\Temp\avgnt.exe
    C:\Users\Kids\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Kids\AppData\Local\Temp\FirewallAPI.dll
    C:\Users\Kids\AppData\Local\Temp\information.exe
    C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-30 12:10

    ==================== End Of Log ============================



    #44
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    How is it running now?



    #45
    scmba

      Member

    • Topic Starter
    • Member
    • 109 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
    Ran by Kids at 2014-05-03 12:22:15
    Running from C:\Users\Kids\Contacts\Desktop\Virus\New folder
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{AD2C4469-ACD9-4E78-91DE-A6BF6459959A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Desktop (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
    Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
    Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
    Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    20-04-2014 19:54:16 Installed iTunes
    21-04-2014 10:00:21 Windows Update
    23-04-2014 02:56:03 Installed Microsoft Fix it 50688
    23-04-2014 02:56:40 Installed Microsoft Fix it 50688
    30-04-2014 19:17:22 Scheduled Checkpoint
    02-05-2014 13:46:20 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {4C647E78-AC49-4877-843D-664969E43CCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe
    Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
    Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-18 16:44 - 2011-08-18 16:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
    2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2013-01-25 20:16 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
    2014-03-28 18:52 - 2014-03-28 18:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/03/2014 11:16:48 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


    System errors:
    =============
    Error: (05/03/2014 10:52:19 AM) (Source: DCOM) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (05/03/2014 11:16:48 AM) (Source: SideBySide)(User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


    ==================== Memory info ===========================

    Percentage of memory in use: 30%
    Total physical RAM: 5626.02 MB
    Available physical RAM: 3910.95 MB
    Total Pagefile: 11250.21 MB
    Available Pagefile: 9241.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.59 GB) (Free:372.11 GB) NTFS
    Drive d: (八月 11 2013) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 82BC915B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

    ==================== End Of Log ============================

