[JCSW7777]

Hello,

 

My computer has recently been infected with something and its been a frustrating experience to say the least. I've tried 4-5 spyware/malware removal programs (superanti-spyware, spyware doctor, search and destroy) uninstalling the bad programs, system restores and still continue to have issues. I recently moved to China, so i'm sure I picked up something while browsing the net here, I use a VPN most of the time. 

 

First I get ads and popup adds everywhere on sites I visit, even sites that shouldn't have ads there. Secondly my search browser is commonly redirected. These issues seem to be semi fixed every time I run a scan but come back eventually. Most importantly however, my computer is having severe performance issues. There is alot of lag when I try to open programs, and just alot of delay in general when performing actions. Alot of even simple programs (word, excel) will end up not responding after a while and crash.

 

Please help! A friend told me about the amazingness of these forums and how you were able to resolve all his malware/virus/spyware issues. I would so much greatly appreciate it if you could help me out too! I've tried many many things and it is just so frustrating. Thank you!

 

 

 

 

OTL Extras logfile created on: 8/16/2014 9:55:28 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jon\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17207)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.89 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 20.00% Memory free

16.34 Gb Paging File | 4.39 Gb Available in Paging File | 26.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.10 Gb Total Space | 12.85 Gb Free Space | 2.84% Space Free | Partition Type: NTFS

Drive E: | 59.62 Gb Total Space | 59.52 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Drive Y: | 13.62 Gb Total Space | 6.28 Gb Free Space | 46.15% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07EF31FA-B40C-4F34-A2D3-ABED05FC9709}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{0A74CA4F-BE6F-4AC8-AB66-3D78E5E644A1}" = lport=445 | protocol=6 | dir=in | app=system | 

"{0BCB40EE-5EA6-4793-AD76-CE24744F9D15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0EBF068C-0202-49D0-8FC3-AA19944A286B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{0ED0234E-0ECA-4ABC-8B08-1DE850C93E0B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{174CF101-06E1-4001-9C71-6919E890CB4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{1C05DBFA-A8C8-419E-B50B-ED980164A499}" = lport=50000 | protocol=17 | dir=in | name=sina_live | 

"{1E9F3EEB-2203-46CB-891F-75B412586AA5}" = lport=6001 | protocol=6 | dir=in | name=sina_live | 

"{294A4664-1015-4175-A7A3-3DC8584CDBC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2B827DD7-758D-425F-81BF-2A5DC69B0F20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{2EC39B10-720E-4BA1-8D07-42CCEB66B4AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4A5078DA-114C-439E-A26F-835454AF1EE9}" = rport=139 | protocol=6 | dir=out | app=system | 

"{4FA02D83-4930-4492-A0C0-89F61922FCD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{50BCC01A-88C6-46AE-9CB2-4448EC0AA5E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{56CA0CF5-9D2E-4A52-B99E-8F4909BB4C17}" = rport=445 | protocol=6 | dir=out | app=system | 

"{5B25FE0F-EE1B-426F-B8FD-D8264BD43D19}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{622A6517-F5BD-4B5D-A0B6-E7F8FC13D6FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6FB753D7-DF9B-450C-A35A-1B024B99D973}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 

"{7076B973-E4EF-472C-A206-FC57833BA7FB}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{7181C07B-795D-4021-B962-4442E800A3DD}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{7E9A4395-E279-4A71-82E2-5D7AE2387BAF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{8907B7C5-DE9B-49D2-B40A-7B95067FC152}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{89897492-483D-46A3-9D0C-CBF888DEC084}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8C9E5C80-EB45-4918-B6DE-DBDC30EFCF93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{9099C1DA-65C9-4108-8826-AA6CFC6A14F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 

"{B9B62A13-3B05-4B9A-A2A9-C6F82FF80066}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{BFC9BBB8-1166-4593-8184-18B8B853D963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CF01DB1F-A6B8-4D1B-96D4-ED0AEAB082C8}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{D4CF9CB1-A99C-468F-963D-65DD3F2BB710}" = lport=50001 | protocol=17 | dir=in | name=sina_live | 

"{DA9E8007-4BE5-494C-8EA3-622101ABA381}" = rport=137 | protocol=17 | dir=out | app=system | 

"{E811EBA9-79A8-4FB3-8454-AE0C5953DC8F}" = rport=138 | protocol=17 | dir=out | app=system | 

"{E9A2A307-BA44-4D62-BBFD-D8D580120511}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{EFC37589-62DC-48FB-A2A3-9B51D73DA367}" = lport=139 | protocol=6 | dir=in | app=system | 

"{F62FE2D3-FEAF-4913-8EDA-94AD42694A1E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 

"{FB1FB80E-C93E-42C3-868C-6308AC0A87A2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{FCA6C006-C858-4CD5-8E5E-E7B6C65AA7AF}" = lport=138 | protocol=17 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00A08467-E4A4-43B7-BE8D-626F37BEEF65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 

"{01AE8DE0-8612-417C-95EA-B3D05E9920C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 

"{034FB3F8-5949-421E-84C1-390509CC252D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{04D7F1E0-9B7E-4EAD-804D-F41B7BA3D199}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 

"{06630018-2CD2-4987-A1E9-22D17BFF6CAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 

"{0727C51A-449A-496B-A9C6-6A2F08FA8B5E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 

"{08F3AA14-3F85-4608-89B1-E89585D3FB47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0996F0E8-6050-4712-BB75-083308A9F0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 

"{0AC2351B-B441-4A63-B32B-DCC69759FC10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 

"{0C2AC89F-B0A7-432B-829F-516BA5AAF1D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe | 

"{0D7B9F3A-6E02-4DC2-8D6F-6E735C39138A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe | 

"{0DBBA490-488B-43D4-8DD7-35EA7BC01B0D}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\utorrent\utorrent.exe | 

"{18E3D698-0BB3-455D-9D4D-73DC34BDEE31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 

"{19DF73B7-9770-4A1D-9B7D-7A04F256A140}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{1E3AAE33-887C-4317-91E6-910FAA367E26}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"{1E48A969-2778-416B-A497-B36A3FA9C5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 

"{210AC24A-D9FD-442B-BFC1-12BA3ABAB817}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2268D2F5-601E-45A6-B295-F5413DD9E584}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 

"{22A65F3A-C8E8-4725-B309-5EC8CA2DC2A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 

"{22BF170A-01BD-474F-A78F-691EC4827489}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 

"{232BB109-F26F-43FF-A1CC-20CF3D53616E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 

"{34BD5455-DE52-45CB-9F6D-E20EBB16BEE5}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{39D34547-54A4-4063-BFC6-505B3BB666E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 

"{3B01CB33-2977-4A3A-B3AF-D317E4A34CA5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 

"{43C0B00A-3A17-4943-83ED-93B3CC7857F8}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 

"{47D4389A-7B18-4D1E-921F-D67F0FFEE637}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{4EAA3D3F-69F8-4CC7-8B13-400C67BCDC43}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{521AEBC4-CA2C-4362-A500-2D05DFE80AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{52F83A45-22EC-4C96-9EE2-5F427A48F6CF}" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii public test.exe | 

"{56DB3B11-1B4C-44DC-B0FA-AD97E5ACA0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 

"{5B62FC2D-B2E8-4DA1-90EE-4CF046E9398F}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 

"{5C790785-82FB-4154-ADD3-0CDD1F85DBE2}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 

"{5D5F4F77-2AC7-4C26-B3A5-8676A0BD3998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 

"{5E3854BB-25C1-4677-AC54-B5DB318DB10E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{5EA932DF-F9D6-495D-9AB1-F41A8B50A36B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 

"{5F0D6644-BC74-474C-B7A3-8930A5C732F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5FD5AC83-69C7-4059-818D-BC23CC435FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{6288263C-CBCD-4B58-8E29-600F2523E94E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 

"{63A2B01D-67AC-4186-92D2-DD4E29EC354C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 

"{642154F6-3209-48C3-BD78-C5E3E0EEDB16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 

"{6485B7CE-5AED-4A53-8B75-74E3342AD21B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"{675BC0E6-D4F1-42C6-8CE2-FD065BA7B5BA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{681F728D-6E53-4615-BAD6-758A6761FB42}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{69953EA9-E82F-4DEE-A811-FDAECA3100E2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{6A532B86-CB7D-428E-AC17-031268A64ACA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 

"{6E9975F6-0A57-421C-BB03-E04705296455}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{7029CCD5-A93A-4C0A-A57C-65D2A36813AF}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\utorrent\utorrent.exe | 

"{709FCBD6-9EDC-4059-BB67-BBE129E9CDD8}" = protocol=6 | dir=out | app=system | 

"{7132988B-0BB4-44CD-8994-F2660D59F73C}" = protocol=58 | dir=out | [email protected],-28546 | 

"{74C6FC68-A3BD-4A0E-A3A5-0DCF9F1948F8}" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii.exe | 

"{77DAA9C9-4DF8-4C25-A373-CF0071326F84}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{782BE8C1-ED32-4F70-B625-4401E16F6E27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 

"{79AC993F-E8E0-4D3E-8DFA-F52B0AC62FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{79E7F60F-E6E1-4150-9580-CF46B899AE17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 

"{7AE6D7E9-90AC-4448-95A0-D983545EF41B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 

"{7B2600DE-6AB6-4FBA-8F78-3463A31EF2DB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe | 

"{7E92D05E-EE9D-4949-8B5A-771D46C17787}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 

"{7FA88456-E2FC-4414-934F-CDA1294795D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 

"{803591CC-5973-43D7-A107-FBB2A8A612AD}" = protocol=58 | dir=in | [email protected],-28545 | 

"{83711B08-1B06-44D0-B182-C6C3DF9D2D16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 

"{83A00A0C-6AC3-4405-AF78-B2B1FF99741B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{8605233E-4755-4EDB-87ED-83F3A3FC4A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{876B01B0-210B-4DD7-92E1-EFCE5EE19B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 

"{88EECD4F-B294-48B8-A40B-019764245289}" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii.exe | 

"{8AA8DE3C-5640-41AE-9DB2-054BDEEE8E84}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 

"{8E561BA7-C04D-42C0-8D62-67A3AF7CB9BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{902BB229-3F6E-41C3-9A30-E049DC967918}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 

"{91C37F2B-6F72-43EB-89E9-EFE567EC57C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe | 

"{942C91A4-F919-4D74-BC09-89E216DC64E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 

"{96ECC9B8-9584-422A-A1FA-EEBD4251FBAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{987B9539-4C67-41D1-BE92-D891CD71F922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{9B3E89DA-F69E-4927-9416-0AE608988D3B}" = protocol=1 | dir=in | [email protected],-28543 | 

"{9DF5DD74-53D7-4095-A343-96B8CE67FC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A3A3433E-3896-4C01-A0F8-54892FDF47E8}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | 

"{A46BF2B9-9D00-4489-AEE2-39C67ADF8FB6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{A7703FAC-43CC-49D0-8E06-C2D7C819C74D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 

"{A91ACE0B-1D5A-424D-9CE1-EF56B9851CF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{AC39649B-16E5-4722-9489-046FF5C4E356}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | 

"{AE1DE715-9340-456F-9701-AB0F6C2EE0E3}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{C1312D99-45DF-4BFE-A665-5C47B99CD67A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 

"{C14CE5B4-8EB3-4737-8B4F-8B7B5C89C4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 

"{C4B3FF6C-23AF-4E7B-AB36-AA458B695C5E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{C62CBB1C-ABF6-43BE-80B7-DDD74750536E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C6503F9C-CDF3-4610-83D6-0F11076A4FB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 

"{C8E881E9-7DC9-46EE-98DB-891DCED61014}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CC527EA5-D2F2-475F-9457-37456B266AEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 

"{CCF899E7-D68A-438C-8AD7-15606ECC588E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{CE3EDB59-47DD-401F-9E3F-AC680FB8489D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{D22FEFFF-1AA6-4111-861E-A2B3621AD0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 

"{D25194BB-375C-4560-986A-8B3345CC746D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 

"{D40DC43B-2096-4A3E-9AFB-20031D0AF8D7}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 

"{D534B311-41E5-4DDC-B221-25C7D40D0864}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{D623612E-7C66-4465-98DC-94ED0340C9CF}" = protocol=58 | dir=in | [email protected],-148 | 

"{D73F49A9-8093-40D5-B6D2-AC4FF011914C}" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii public test.exe | 

"{DBD242C5-8841-4EC8-B090-448C078FD3F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{DE226AB5-F6BF-4CFC-A770-3F4AE531D756}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{E3A4F528-0449-4D98-B50C-CB9834DB0810}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{E621C09E-D7EC-4A48-922B-3D5C2410D40D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E7CF2A54-0673-41C1-8A19-6A41690170F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 

"{E8387CC2-2A92-4856-A4C3-AF2B314F217A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 

"{EAECB19F-970D-4AE3-8F4A-6A535C690719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 

"{F0A568A5-5F9C-4031-8E49-DAB275285224}" = protocol=1 | dir=out | [email protected],-28544 | 

"{F0E22672-A91B-47AF-8A25-B35AC27AB7B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F20CD73F-4510-4853-807C-442C2D7FE296}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{F380F653-841F-4D2F-AFB3-64D61AFBD17B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{F7719FCF-07B3-4122-B8C0-18866ADBF1BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{FACD0A6F-0A70-41A9-8A49-A2BD855F5564}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{FB064FE4-7E01-4C83-9FBF-4619155A3157}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{FFCB8EBA-46E5-4022-A425-7BF1E95F8074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 

"TCP Query User{251CB94B-1659-4A07-ACE7-31EBBF7D23D2}D:\=saga=战地2绿色版\bf2.exe" = protocol=6 | dir=in | app=d:\=saga=战地2绿色版\bf2.exe | 

"TCP Query User{2FC5CA96-774E-4D30-910F-5344BE7650F7}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"TCP Query User{33B708EC-8A80-459F-852C-83EC42426D85}C:\users\jon\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\jon\downloads\mtgoiii_helper.exe | 

"TCP Query User{5482EB67-9A56-42BA-A942-E17E8A57CD68}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

"TCP Query User{9A237776-F805-4D7C-998A-CB20D2A7F284}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 

"TCP Query User{AD563ED9-2854-452A-9E15-A3E5BE5BBD2A}C:\program files (x86)\njstar communicator\minismtp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\njstar communicator\minismtp.exe | 

"TCP Query User{EECEF6D3-274E-43EA-863C-36154792E494}C:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe | 

"UDP Query User{0AB33775-B20B-491C-8AE1-FE467469F651}C:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe | 

"UDP Query User{6F04884E-8D3F-4C13-B688-459B3BCEE84C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

"UDP Query User{7777E3D6-E6E4-426A-9CFC-50DBF7602BDD}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"UDP Query User{99E585E8-33C1-4958-9145-920F9FDC2E4C}D:\=saga=战地2绿色版\bf2.exe" = protocol=17 | dir=in | app=d:\=saga=战地2绿色版\bf2.exe | 

"UDP Query User{AC65EC4A-A462-4807-8F45-82191DEA8EB1}C:\users\jon\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\jon\downloads\mtgoiii_helper.exe | 

"UDP Query User{D0B2EDE1-B100-4C12-930D-6C082EDA552A}C:\program files (x86)\njstar communicator\minismtp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\njstar communicator\minismtp.exe | 

"UDP Query User{DAF41793-B6CB-4D84-8134-34F2395ADC9E}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client

"{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software

"{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center

"McAfee Security Scan" = McAfee Security Scan Plus

"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us

"PC-Doctor for Windows" = AlienAutopsy

"ProInst" = Intel PROSet Wireless

"Sublime Text 2_is1" = Sublime Text 2.0.2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{025C48E1-4695-4F49-906E-EBABCD54EA51}" = Soda PDF 3D Reader

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}" = 微软设备健康助手

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call

"{6EB6293C-9286-4981-8672-956E1A92F33B}_is1" = StrongVPN Client

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)

"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C45E715E-442E-4D82-BD46-A08A0870957C}" = Sound Blaster Recon3Di Extras

"{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}" = Sound Blaster Recon3Di

"{CA32CD83-2627-40DB-B16B-43D4752A4A4C}" = TurboTax 2012 wmaiper

"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Battlelog Web Plugins" = Battlelog Web Plugins

"Google Chrome" = Google Chrome

"Heritage Sports 8.2" = Heritage Sports 8.2

"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display

"InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center

"Media Player - Codec Pack" = Media Player Codec Pack 4.3.1

"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"StarCraft II" = StarCraft II

"Steam App 200510" = XCOM: Enemy Unknown

"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer

"Steam App 213670" = South Park™: The Stick of Truth™

"Steam App 231430" = Company of Heroes 2

"Steam App 400" = Portal

"Steam App 40100" = Supreme Commander 2

"Steam App 50650" = Darksiders II

"Steam App 570" = Dota 2

"Steam App 8870" = BioShock Infinite

"Steam App 8930" = Sid Meier's Civilization V

"TurboTax 2012" = TurboTax 2012

"VLC media player" = VLC media player 2.1.3

"WinRAR archiver" = WinRAR 5.00 (32-bit)

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"8e3135b376bd523e" = Dell System Detect Bootstrapper

"9204f5692a8faf3b" = Dell System Detect

"Dropbox" = Dropbox

"uTorrent" = µTorrent

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/15/2014 6:41:52 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 6:41:53 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 6:41:54 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 6:41:57 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 6:41:58 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 9:43:41 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 9:43:42 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 9:43:43 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 9:44:12 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227

Description = 

 

Error - 8/15/2014 9:54:06 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image

 of binary STMicroelectronics Accelerometer Service.  System Error: The system cannot

 find the file specified.  .

 

[ System Events ]

Error - 8/15/2014 10:02:39 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:03:41 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:03:41 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:04:02 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:04:43 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:04:43 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:05:45 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:05:45 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:06:46 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

Error - 8/15/2014 10:06:46 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable.  Please

 run the chkdsk utility on the volume D:.

 

 

< End of report >

 

[Advertisements]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on the icon and select Run as Administrator to start the tool.
• Allow virtualisation if offered.
• If you are prompted to download the latest anti-virus definitions from avast!, click No.
• Select Scan.
• Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software

[Naathim]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on the icon and select Run as Administrator to start the tool.
• Allow virtualisation if offered.
• If you are prompted to download the latest anti-virus definitions from avast!, click No.
• Select Scan.
• Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software

[JCSW7777]

Hello Naat!

 

Thank you so much for your response, getting your help is just awesome!, I read your instructions carefully and below are the attached information you requested. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04

Ran by Jon (administrator) on JON-PC on 17-08-2014 09:20:26

Running from C:\Users\Jon\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe

() C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe

(LULU Software Limited) C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe

(LULU Software Limited) C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe

(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongService.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe

() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe

(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell) C:\Users\Jon\AppData\Local\Apps\2.0\E501HQH7.W7B\ZYYOXPZQ.9Y7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe

(Dropbox, Inc.) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongDial.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2011-12-02] (Intel® Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-20] (Intel Corporation)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [StrongVPN Client] => C:\Program Files (x86)\StrongVPN\StrongDial.exe [1456976 2013-10-31] (Black Oak Computers, Inc.)

HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [uTorrent] => C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)

HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [DellSystemDetect] => C:\Users\Jon\AppData\Local\Apps\2.0\E501HQH7.W7B\ZYYOXPZQ.9Y7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-25] (Dell)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-01-19] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-01-19] (NVIDIA Corporation)

Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienware....com/welcome-us

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS

SearchScopes: HKCU - DefaultScope {56A9BE03-3D8C-44F8-8418-F0A4F042B7B3} URL = http://www.baidu.com...d={searchTerms}

SearchScopes: HKCU - {170BC0F4-DE61-408D-A6B8-EB517C75243E} URL = http://search.yahoo....p={searchTerms}

SearchScopes: HKCU - {4B9C024A-E2D5-4584-959F-6FF0D6B8DEF0} URL = http://search.yahoo....p={searchTerms}

SearchScopes: HKCU - {56A9BE03-3D8C-44F8-8418-F0A4F042B7B3} URL = http://www.baidu.com...d={searchTerms}

SearchScopes: HKCU - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Soda PDF 3D Reader Helper -> {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} -> C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEHelper.dll (LULU Software Limited)

BHO-x32: Slick Savings -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Jon\AppData\Roaming\Slick Savings\Coupons.dll No File

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM-x32 - Soda PDF 3D Reader Toolbar - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEPlugin.dll (LULU Software Limited)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 202.106.195.68 202.106.46.151

Tcpip\..\Interfaces\{0148C10C-EB4C-4014-8E7E-80EAAA262B14}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{079CB822-48E2-49CD-9E34-7B6540A75446}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{08E15290-2EE6-4151-AE33-734EE05F02DC}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{08F5AEA4-24C6-4E89-B55F-8B9CFEAA3A71}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{09F6BAB6-5725-4AD6-A12B-D367E94CC2D0}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{0C5FE3CA-1D6F-42A9-978C-DC2ECEC1FB5A}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{1075C2A1-9234-4200-B4AF-74684863EC76}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{16D92A23-F0DF-4047-A65A-320223E60B0F}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{1AB172AC-0247-4112-8AEF-A35AF426D5E8}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{210AF53E-DC0A-4851-9A9C-6283C0644185}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{25EDA11A-5186-48E8-B777-D762D8EBC3B4}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{315EF552-8A64-4DCD-8817-C64594FCE1F1}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{31F43AEF-7A68-4B72-9422-F676E3EDAB0D}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{33091582-1C22-466A-B1E4-56C5C3E50EEB}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{35CF4281-91F3-406B-A4AF-3135FA799FCE}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{374924F8-731A-495A-902D-9F4B181033F8}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{38EADBE5-633A-4C28-B06B-1F302F860620}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{3A4C6DD2-7E3B-439D-9F91-3ADE1070706F}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{4092EDB9-9E52-4820-8BDD-F89556268786}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{41CCE0C2-5AC0-4EBB-AF25-AD0925675E09}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{44A778D4-1F2D-4428-9837-399EE090CAAB}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{475DC75E-A062-43FE-9A0F-89318C24A9B2}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{47B4DF88-AB8E-45C0-B526-E28FB87283A6}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{48254986-FF82-458E-8B41-C0875A8F0841}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{4F16831C-8A8B-4265-B5F8-2D1EB5143AD9}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{4F3861DF-294C-4FC6-9C6D-EC89878EBF83}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{53ED3653-11BD-4B0E-865F-7566A85493FB}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{54321544-E1D1-4B73-A50D-B8AE5A40070A}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{5678F66C-B7D4-403F-9865-D8F223E3C973}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{56D6EF08-C556-4598-9823-A67B18A52A8F}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{57111A7F-A7F0-469E-86EF-833FC6F4023C}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{5C14686B-DA9A-4564-B9C2-EAEC6A960248}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{5F6916D3-CCA2-4C42-9462-4F856ACBA3CE}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{609362C2-02B6-464A-B0C5-23FFC98550C8}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{61914B7D-95E5-4A7A-B7BC-AB2FF0B0CFCC}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{6C79A3EC-969A-4360-BA57-8F6443230160}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{6E7178A7-BE24-41C9-B0B3-AF6534A78B5A}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{72114875-4B52-4875-8A66-DF7D3DD9F98B}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{77D9EC10-89C2-4244-A4B7-AA658B7CB013}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{81A780E2-2A09-492F-B84C-D13DBEF579D7}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{81FF2FF6-D559-48D1-8EF7-DFE224D8EF6F}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{82C14FD6-59C6-4995-B47D-69E6D797B306}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{838BCC98-6A0C-4B70-89AC-699AAF972773}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{84D27277-0227-44AC-B316-2E33EF11C57D}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{89E32355-4A07-4737-A1AA-DF7445FA09D3}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{8AA910A2-082C-4E8A-BC8B-70F02FFB508C}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{8DB241B6-2A80-4F61-96CB-5D0CE19A5A57}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{9EC0E35D-3963-43DF-826E-565AC691ACAE}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{A2670CA4-3FE3-4833-A27A-2A81CB39E8E5}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{A72C1604-E8FB-4C71-8B23-642F4E32E9EE}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{B9B1377F-89BE-4B01-8428-B222DE211B6D}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{C3871C3F-BCBC-459C-A524-90985B79D284}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{CDA3FF3D-D5F5-4F35-8F41-20D43F63FBFD}: [NameServer]219.141.140.10 219.141.136.10

Tcpip\..\Interfaces\{CEC8F194-A5AE-451C-AC63-5F1A2C11B75C}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{D036949F-C374-48E8-B69C-61723C811C62}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{D0D4D5A2-6B3B-4E0F-8F64-DFBAE9118343}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{D3F875FF-9F06-4A8E-A125-1DAC591E6EC6}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{DA05E8C2-2506-43E8-A1E3-F61B920FF0AD}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{DEE18DF8-33D3-4695-B640-0059A23E494F}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{E278746A-D886-4627-B299-7A7E523B1E02}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{E5CEE4DC-4F28-49D0-A116-3190F6FD11AF}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{E82E4AF9-8B4B-467C-BC01-3757D28937DB}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{EB9314C7-A004-4C66-BEFC-32391C6EF298}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F5CE60A2-497B-4E75-9F18-2FA34A4AACB3}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F73E8BEF-0F12-4B43-B2CB-4903E1EE7EAA}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F7952B5C-DE7B-4FB1-8E08-477C41B2B16B}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F7C0BBE9-5B7B-4221-AB7E-E5D202123D32}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F85CB3E8-79BE-43DA-BBF4-9D4AA8068377}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{FA5FBB75-EB6D-42D2-8AA4-761BEEADD719}: [NameServer]8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{FC7299AC-481F-4425-BBCB-E139760EF79E}: [NameServer]8.8.8.8 8.8.4.4

 

FireFox:

========

FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default

FF DefaultSearchEngine: 百度

FF SelectedSearchEngine: 百度

FF Homepage: hxxp://baidu.com/

FF Keyword.URL: hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)

FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)

FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\searchplugins\baidu.xml

FF Extension: DealsFindoeRPro - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\Extensions\[email protected] [2014-08-13]

FF Extension: saveron - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\Extensions\[email protected] [2014-07-31]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

 

Chrome: 

=======

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]

CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-24]

CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-24]

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]

CHR HKLM-x32\...\Chrome\Extension: [jpammgopeogkfkfjafahnachhacngopo] - C:\Users\Jon\AppData\Local\imeshvuzebandoo\GC\toolbar.crx [2013-10-14]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Jon\AppData\Local\Slick Savings\coupons.crx [2014-05-25]

CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-23]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]

R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-20] (Creative Technology Ltd) [File not signed]

R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)

R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [85664 2014-06-06] ()

R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2011-12-01] (Red Bend Ltd.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-02] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()

R2 Soda PDF 3D Reader Helper Service; C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe [1162592 2013-08-20] (LULU Software Limited)

R2 Soda PDF 3D Reader Service; C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe [852320 2013-08-20] (LULU Software Limited)

R2 StrongVPN Service; C:\Program Files (x86)\StrongVPN\StrongService.exe [73552 2013-10-31] (Black Oak Computers, Inc.) [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2011-12-01] (Intel® Corporation) [File not signed]

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-02-23] (Broadcom Corporation.)

R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)

S3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-03] (Dell Inc.)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-20] (Intel Corporation)

R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-19] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [38760 2013-11-01] (The OpenVPN Project)

S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]

S3 btwaudio; system32\drivers\btwaudio.sys [X]

S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]

S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]

S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-17 09:20 - 2014-08-17 09:20 - 00028003 _____ () C:\Users\Jon\Downloads\FRST.txt

2014-08-17 09:19 - 2014-08-17 09:20 - 00000000 ____D () C:\FRST

2014-08-17 09:17 - 2014-08-17 09:18 - 02101760 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe

2014-08-17 00:44 - 2014-08-17 00:44 - 00078535 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e08.720p.hdtv.x264.killers.rartv.torrent

2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv.torrent

2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv (1).torrent

2014-08-16 14:39 - 2014-08-16 14:39 - 00026293 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e05.hdtv.x264.2hd.ettv.torrent

2014-08-16 10:07 - 2014-08-16 10:07 - 00084244 _____ () C:\Users\Jon\Downloads\Extras.Txt

2014-08-16 10:03 - 2014-08-16 10:03 - 00424190 _____ () C:\Users\Jon\Downloads\OTL.Txt

2014-08-16 09:55 - 2014-08-16 09:55 - 00602112 _____ (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe

2014-08-16 09:47 - 2014-08-16 09:47 - 00000000 ____D () C:\Program Files (x86)\saaveron

2014-08-16 09:46 - 2014-08-16 09:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jon\Downloads\HiJackThis.exe

2014-08-16 09:45 - 2014-08-16 09:45 - 00000000 ____D () C:\Program Files (x86)\DealssFiNderPrroo

2014-08-16 09:44 - 2014-08-17 08:27 - 00000340 _____ () C:\Windows\Tasks\微软设备健康助手自动更新.job

2014-08-16 09:44 - 2014-08-16 09:44 - 00003286 _____ () C:\Windows\System32\Tasks\微软设备健康助手自动更新

2014-08-16 09:44 - 2014-08-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Device Health

2014-08-16 09:34 - 2014-08-16 09:34 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_B94

2014-08-16 09:30 - 2014-08-16 09:32 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_DD5

2014-08-16 09:30 - 2014-07-01 06:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-16 09:30 - 2014-07-01 06:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-16 09:30 - 2014-03-10 05:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-16 09:30 - 2014-03-10 05:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-16 09:30 - 2014-03-10 05:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-16 09:30 - 2014-03-10 05:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-16 09:29 - 2014-06-06 14:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-16 09:29 - 2014-06-06 14:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-15 23:16 - 2014-08-15 23:16 - 00018120 _____ () C:\Users\Jon\Downloads\[kickass.to]cumfiesta.dillion.carter.molly.bliss.pure.bliss.07.29.2014.torrent

2014-08-15 23:00 - 2014-08-15 23:00 - 00096139 _____ () C:\Users\Jon\Downloads\[kickass.to]legends.2014.s01e01.720p.hdtv.x264.2hd.rartv.torrent

2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-15 14:12 - 2014-07-09 10:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-15 14:12 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-15 14:12 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-15 14:12 - 2014-07-09 06:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-15 14:12 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-15 14:11 - 2014-07-16 11:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-15 14:11 - 2014-07-16 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-15 14:11 - 2014-07-16 10:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-15 14:11 - 2014-06-03 18:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-15 14:11 - 2014-06-03 18:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-15 14:11 - 2014-06-03 18:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-15 14:11 - 2014-06-03 18:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-15 14:11 - 2014-06-03 17:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-15 14:11 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-15 14:11 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-15 14:10 - 2014-08-01 07:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-15 14:10 - 2014-08-01 07:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-15 14:10 - 2014-07-25 22:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 14:10 - 2014-07-25 22:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 14:10 - 2014-07-25 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-15 14:10 - 2014-07-25 21:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 14:10 - 2014-07-25 21:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-15 14:10 - 2014-07-25 21:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 14:10 - 2014-07-25 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-15 14:10 - 2014-07-25 21:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 14:10 - 2014-07-25 21:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-15 14:10 - 2014-07-25 21:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 14:10 - 2014-07-25 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-15 14:10 - 2014-07-25 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 14:10 - 2014-07-25 21:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 14:10 - 2014-07-25 21:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 14:10 - 2014-07-25 21:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-15 14:10 - 2014-07-25 20:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-15 14:10 - 2014-07-25 20:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-15 14:10 - 2014-07-25 20:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 14:10 - 2014-07-25 20:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 14:10 - 2014-07-25 20:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-15 14:10 - 2014-07-25 20:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-15 14:10 - 2014-07-25 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-15 14:10 - 2014-07-25 20:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 14:10 - 2014-07-25 20:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-15 14:10 - 2014-07-25 20:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 14:10 - 2014-07-25 20:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-15 14:10 - 2014-07-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 14:10 - 2014-07-25 20:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 14:10 - 2014-07-25 20:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-15 14:10 - 2014-07-25 20:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 14:10 - 2014-07-25 20:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 14:10 - 2014-07-25 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 14:10 - 2014-07-25 20:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-15 14:10 - 2014-07-25 20:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 14:10 - 2014-07-25 19:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 14:10 - 2014-07-25 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 14:10 - 2014-07-25 19:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-15 14:10 - 2014-07-25 19:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-15 14:10 - 2014-07-25 19:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 14:10 - 2014-07-25 19:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-15 14:10 - 2014-07-25 19:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-15 14:10 - 2014-07-25 19:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 14:10 - 2014-07-25 19:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 14:10 - 2014-07-25 19:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 14:10 - 2014-07-25 19:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 14:10 - 2014-07-25 19:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 14:10 - 2014-07-25 19:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-15 14:10 - 2014-07-25 19:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 14:10 - 2014-07-25 18:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 14:10 - 2014-07-25 18:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 14:10 - 2014-07-25 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-15 14:10 - 2014-07-25 18:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-15 14:10 - 2014-07-25 18:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 14:10 - 2014-07-25 18:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 14:06 - 2014-08-07 10:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-15 14:06 - 2014-08-07 10:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-15 14:06 - 2014-07-14 10:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-15 14:06 - 2014-07-14 09:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-14 23:37 - 2014-08-14 23:37 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog (1).xlsx

2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv.torrent

2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv (1).torrent

2014-08-13 16:24 - 2014-08-17 00:00 - 00001456 _____ () C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-08-13 15:49 - 2014-08-13 15:49 - 00003494 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon

2014-08-13 15:08 - 2014-08-16 09:45 - 00000000 ____D () C:\ProgramData\DealssFiNderPrroo

2014-08-13 09:52 - 2014-08-13 09:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

2014-08-13 09:52 - 2014-08-13 09:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-08-13 09:51 - 2014-08-13 09:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

2014-08-13 09:50 - 2014-08-13 09:52 - 00000000 ____D () C:\Program Files\Adobe

2014-08-13 09:50 - 2014-08-13 09:50 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

2014-08-13 09:49 - 2014-08-13 09:49 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

2014-08-13 09:45 - 2014-08-13 09:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

2014-08-13 09:45 - 2014-08-13 09:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

2014-08-13 09:39 - 2014-08-13 09:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-08-12 16:00 - 2014-08-12 16:00 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (2).xls

2014-08-10 00:50 - 2014-08-10 00:50 - 00051035 _____ () C:\Users\Jon\Downloads\[kickass.to]bigmouthfuls.13.09.30.dillion.carter.xxx.720p.mp4.ktr.torrent

2014-08-09 21:08 - 2014-08-09 21:09 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog.xlsx

2014-08-08 23:55 - 2014-08-08 23:55 - 00138219 _____ () C:\Users\Jon\Downloads\[kickass.to]adobe.photoshop.cs6.13.0.1.extended.final.multilanguage.cracked.dll.chingliu.torrent

2014-08-08 10:24 - 2014-08-08 10:24 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (1).xls

2014-08-08 10:20 - 2014-08-08 10:21 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08.xls

2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4.torrent

2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4 (1).torrent

2014-08-06 10:20 - 2014-08-06 10:20 - 00035832 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent

2014-08-05 00:35 - 2014-08-05 00:35 - 00096256 _____ () C:\Users\Jon\Desktop\PI-US-Jon 140805 191usd Aspire Sample.xls

2014-08-03 23:26 - 2014-08-09 01:45 - 03949568 _____ () C:\Users\Jon\Desktop\Witshine.xls

2014-08-03 19:42 - 2014-08-15 14:09 - 00000000 ____D () C:\Users\Jon\Desktop\Thunder Cloud Vapers

2014-08-03 16:49 - 2014-08-17 02:00 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job

2014-08-03 16:49 - 2014-08-17 00:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job

2014-08-03 16:49 - 2014-08-03 16:49 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0

2014-08-03 16:49 - 2014-08-03 16:49 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46

2014-08-03 16:49 - 2014-08-03 16:49 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com

2014-08-03 16:47 - 2014-08-17 00:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-03 16:47 - 2014-08-03 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-03 16:47 - 2014-08-03 16:47 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-08-03 16:47 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-08-03 16:45 - 2014-08-03 16:46 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Jon\Downloads\SUPERAntiSpyware.exe

2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\Users\Jon\AppData\Local\Skype

2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-03 00:56 - 2014-08-03 00:56 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Jon\Downloads\SkypeSetup(1).exe

2014-08-03 00:37 - 2014-08-03 00:47 - 00000000 ____D () C:\Users\Jon\Desktop\Photo Book

2014-08-02 23:43 - 2014-08-03 10:01 - 00000000 ____D () C:\Users\Jon\Desktop\K1 Pictures and relationship evidence

2014-08-02 19:54 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-02 19:54 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-02 19:54 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-02 19:54 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-02 19:54 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-02 19:54 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-02 19:54 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-02 19:54 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-02 19:54 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-02 19:54 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-02 19:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-02 19:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-02 19:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-02 19:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-02 18:12 - 2014-08-02 18:13 - 00563731 _____ () C:\Users\Jon\Downloads\install.exe

2014-08-01 23:54 - 2014-08-06 10:24 - 00000000 ____D () C:\Users\Jon\AppData\Local\alipay

2014-08-01 23:54 - 2014-08-01 23:54 - 00000000 ____D () C:\alipay

2014-07-31 23:20 - 2014-08-16 23:26 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\TaobaoProtect

2014-07-31 22:33 - 2014-07-31 22:33 - 00043441 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e05.720p.hdtv.x264.killers.eztv.torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv.torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv (1).torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00012815 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e04.hdtv.x264.killers.eztv (1).torrent

2014-07-31 22:31 - 2014-07-31 22:31 - 00012927 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e03.hdtv.x264.asap.mp4.torrent

2014-07-31 22:30 - 2014-07-31 22:30 - 00023838 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e02.hdtv.x264.asap.ettv.torrent

2014-07-31 22:25 - 2014-07-31 22:25 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\alipay

2014-07-31 22:22 - 2014-08-07 14:24 - 00000000 ____D () C:\Program Files (x86)\alipay

2014-07-31 22:22 - 2014-07-31 22:22 - 00001078 _____ () C:\Users\Jon\AppData\Roaming\base64.cer

2014-07-31 22:21 - 2014-07-31 22:21 - 04151744 _____ () C:\Users\Jon\Downloads\aliedit.exe

2014-07-31 18:23 - 2014-07-31 18:24 - 01276520 _____ () C:\Windows\Minidump\073114-39889-01.dmp

2014-07-31 10:52 - 2014-07-31 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-31 10:05 - 2014-08-16 09:47 - 00000000 ____D () C:\ProgramData\saaveron

2014-07-31 10:05 - 2014-08-16 09:47 - 00000000 ____D () C:\ProgramData\93e16d846da0da69

2014-07-31 10:05 - 2014-07-31 10:05 - 00000000 ____D () C:\Users\Jon\AppData\Local\Packages

2014-07-31 01:48 - 2014-07-31 01:48 - 00011593 _____ () C:\Users\Jon\Downloads\[JSU发布组] RKI-111无码流出修复版 京香julia.torrent

2014-07-30 20:32 - 2014-07-30 20:33 - 01267168 _____ () C:\Windows\Minidump\073014-41371-01.dmp

2014-07-29 21:08 - 2014-07-29 21:08 - 01219768 _____ () C:\Windows\Minidump\072914-36644-01.dmp

2014-07-29 16:44 - 2014-07-29 16:45 - 01212840 _____ () C:\Windows\Minidump\072914-37377-01.dmp

2014-07-28 19:07 - 2014-07-28 21:43 - 00000000 ____D () C:\Users\Jon\Desktop\Taobao

2014-07-28 16:47 - 2014-07-28 16:47 - 01259800 _____ () C:\Windows\Minidump\072814-27690-01.dmp

2014-07-27 14:39 - 2014-07-27 14:40 - 01216552 _____ () C:\Windows\Minidump\072714-38781-01.dmp

2014-07-26 23:19 - 2014-07-26 23:19 - 20463341 _____ () C:\Users\Jon\Downloads\product catalog1.rar

2014-07-26 17:33 - 2014-07-26 17:34 - 01262768 _____ () C:\Windows\Minidump\072614-58547-01.dmp

2014-07-26 14:32 - 2014-07-26 14:33 - 01276720 _____ () C:\Windows\Minidump\072614-69810-01.dmp

2014-07-22 15:50 - 2014-07-22 15:50 - 00767456 _____ () C:\Windows\Minidump\072214-46878-01.dmp

2014-07-20 23:27 - 2014-08-17 08:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-20 23:27 - 2014-07-22 00:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-20 23:27 - 2014-07-20 23:27 - 00000000 ____D () C:\Users\Jon\AppData\Local\Macromedia

2014-07-20 22:23 - 2014-07-20 22:24 - 00000000 ____D () C:\Users\Sophia\AppData\Roaming\Mozilla

2014-07-20 22:23 - 2014-07-20 22:24 - 00000000 ____D () C:\Users\Sophia\AppData\Local\Mozilla

2014-07-20 17:18 - 2014-07-20 17:18 - 00008301 _____ () C:\Users\Jon\Downloads\[kickass.to]lorde.everybody.wants.to.rule.the.world.mp3.torrent

2014-07-20 06:16 - 2014-07-20 06:16 - 01192032 _____ () C:\Windows\Minidump\072014-58391-01.dmp

2014-07-20 02:24 - 2014-07-20 02:24 - 00011514 _____ () C:\Users\Jon\Downloads\[kickass.to]under.the.dome.s02e03.hdtv.x264.lol.eztv.torrent

2014-07-20 02:22 - 2014-07-20 02:22 - 00012871 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e04.hdtv.x264.lol.eztv (1).torrent

2014-07-19 11:40 - 2014-07-19 11:40 - 01262480 _____ () C:\Windows\Minidump\071914-55551-01.dmp

2014-07-18 23:52 - 2014-07-18 23:52 - 00015673 _____ () C:\Users\Jon\Downloads\[kickass.to]the.amazing.spider.man.2.2014.korsub.720p.webrip.x264.aac.jyk.torrent

2014-07-18 21:25 - 2014-07-19 12:12 - 00013106 ____H () C:\Users\Jon\Desktop\~WRL0915.tmp

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-17 09:20 - 2014-08-17 09:20 - 00028003 _____ () C:\Users\Jon\Downloads\FRST.txt

2014-08-17 09:20 - 2014-08-17 09:19 - 00000000 ____D () C:\FRST

2014-08-17 09:20 - 2013-07-10 23:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-17 09:19 - 2013-06-29 16:19 - 01347671 _____ () C:\Windows\WindowsUpdate.log

2014-08-17 09:18 - 2014-08-17 09:17 - 02101760 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe

2014-08-17 09:17 - 2013-11-04 22:46 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\.strongvpn

2014-08-17 09:16 - 2009-07-14 13:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-17 09:15 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-17 09:15 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-17 09:13 - 2013-09-10 10:14 - 00000000 ___RD () C:\Users\Jon\Dropbox

2014-08-17 09:13 - 2013-09-10 09:56 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Dropbox

2014-08-17 09:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing

2014-08-17 09:11 - 2013-07-14 09:02 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\uTorrent

2014-08-17 09:11 - 2013-06-29 15:00 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-08-17 09:11 - 2013-06-29 15:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-08-17 09:11 - 2013-06-29 14:54 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn

2014-08-17 09:10 - 2013-10-10 14:37 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-08-17 09:10 - 2013-07-10 23:34 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-17 09:10 - 2009-07-14 12:45 - 05073024 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-17 09:09 - 2013-10-08 21:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-08-17 09:09 - 2013-06-29 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-08-17 09:09 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-17 09:09 - 2009-07-14 12:51 - 00097954 _____ () C:\Windows\setupact.log

2014-08-17 09:07 - 2010-11-21 11:47 - 00430404 _____ () C:\Windows\PFRO.log

2014-08-17 09:07 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-17 08:27 - 2014-08-16 09:44 - 00000340 _____ () C:\Windows\Tasks\微软设备健康助手自动更新.job

2014-08-17 08:27 - 2014-07-20 23:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-17 02:00 - 2014-08-03 16:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job

2014-08-17 01:58 - 2014-05-25 16:54 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\vlc

2014-08-17 00:51 - 2014-08-03 16:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-17 00:49 - 2014-08-03 16:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job

2014-08-17 00:44 - 2014-08-17 00:44 - 00078535 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e08.720p.hdtv.x264.killers.rartv.torrent

2014-08-17 00:00 - 2014-08-13 16:24 - 00001456 _____ () C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-08-16 23:26 - 2014-07-31 23:20 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\TaobaoProtect

2014-08-16 14:49 - 2013-07-12 05:13 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv.torrent

2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv (1).torrent

2014-08-16 14:39 - 2014-08-16 14:39 - 00026293 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e05.hdtv.x264.2hd.ettv.torrent

2014-08-16 10:07 - 2014-08-16 10:07 - 00084244 _____ () C:\Users\Jon\Downloads\Extras.Txt

2014-08-16 10:03 - 2014-08-16 10:03 - 00424190 _____ () C:\Users\Jon\Downloads\OTL.Txt

2014-08-16 09:55 - 2014-08-16 09:55 - 00602112 _____ (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe

2014-08-16 09:50 - 2013-06-29 14:40 - 00000000 ____D () C:\Program Files (x86)\ST Microelectronics

2014-08-16 09:50 - 2013-06-29 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-08-16 09:47 - 2014-08-16 09:47 - 00000000 ____D () C:\Program Files (x86)\saaveron

2014-08-16 09:47 - 2014-08-16 09:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jon\Downloads\HiJackThis.exe

2014-08-16 09:47 - 2014-07-31 10:05 - 00000000 ____D () C:\ProgramData\saaveron

2014-08-16 09:47 - 2014-07-31 10:05 - 00000000 ____D () C:\ProgramData\93e16d846da0da69

2014-08-16 09:47 - 2014-07-14 11:18 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\NJStar

2014-08-16 09:46 - 2013-09-13 07:25 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-16 09:45 - 2014-08-16 09:45 - 00000000 ____D () C:\Program Files (x86)\DealssFiNderPrroo

2014-08-16 09:45 - 2014-08-13 15:08 - 00000000 ____D () C:\ProgramData\DealssFiNderPrroo

2014-08-16 09:44 - 2014-08-16 09:44 - 00003286 _____ () C:\Windows\System32\Tasks\微软设备健康助手自动更新

2014-08-16 09:44 - 2014-08-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Device Health

2014-08-16 09:43 - 2013-07-11 04:35 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-16 09:39 - 2013-09-13 07:25 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-16 09:34 - 2014-08-16 09:34 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_B94

2014-08-16 09:32 - 2014-08-16 09:30 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_DD5

2014-08-16 09:28 - 2014-05-07 15:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-15 23:16 - 2014-08-15 23:16 - 00018120 _____ () C:\Users\Jon\Downloads\[kickass.to]cumfiesta.dillion.carter.molly.bliss.pure.bliss.07.29.2014.torrent

2014-08-15 23:00 - 2014-08-15 23:00 - 00096139 _____ () C:\Users\Jon\Downloads\[kickass.to]legends.2014.s01e01.720p.hdtv.x264.2hd.rartv.torrent

2014-08-15 14:09 - 2014-08-03 19:42 - 00000000 ____D () C:\Users\Jon\Desktop\Thunder Cloud Vapers

2014-08-15 09:53 - 2014-03-11 09:39 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-15 09:14 - 2014-07-14 11:34 - 00000000 ____D () C:\Users\Jon\Desktop\X

2014-08-15 01:34 - 2013-10-18 09:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Skype

2014-08-15 00:02 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-14 23:37 - 2014-08-14 23:37 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog (1).xlsx

2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv.torrent

2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv (1).torrent

2014-08-13 16:31 - 2013-07-18 07:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Adobe

2014-08-13 16:12 - 2013-07-10 23:33 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Adobe

2014-08-13 15:49 - 2014-08-13 15:49 - 00003494 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon

2014-08-13 13:01 - 2013-07-12 05:10 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\PCDr

2014-08-13 09:53 - 2013-07-10 23:02 - 00114456 _____ () C:\Users\Jon\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-13 09:52 - 2014-08-13 09:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

2014-08-13 09:52 - 2014-08-13 09:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-08-13 09:52 - 2014-08-13 09:50 - 00000000 ____D () C:\Program Files\Adobe

2014-08-13 09:52 - 2014-08-13 09:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-08-13 09:52 - 2013-06-29 15:00 - 00000000 ____D () C:\ProgramData\Adobe

2014-08-13 09:51 - 2014-08-13 09:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

2014-08-13 09:51 - 2013-09-05 00:37 - 00000000 ____D () C:\Users\Jon\Desktop\MISC

2014-08-13 09:50 - 2014-08-13 09:50 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

2014-08-13 09:50 - 2014-01-08 09:53 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-08-13 09:49 - 2014-08-13 09:49 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

2014-08-13 09:45 - 2014-08-13 09:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

2014-08-13 09:45 - 2014-08-13 09:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

2014-08-12 16:00 - 2014-08-12 16:00 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (2).xls

2014-08-10 00:50 - 2014-08-10 00:50 - 00051035 _____ () C:\Users\Jon\Downloads\[kickass.to]bigmouthfuls.13.09.30.dillion.carter.xxx.720p.mp4.ktr.torrent

2014-08-09 21:09 - 2014-08-09 21:08 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog.xlsx

2014-08-09 10:29 - 2013-10-18 09:09 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-08-09 01:45 - 2014-08-03 23:26 - 03949568 _____ () C:\Users\Jon\Desktop\Witshine.xls

2014-08-08 23:55 - 2014-08-08 23:55 - 00138219 _____ () C:\Users\Jon\Downloads\[kickass.to]adobe.photoshop.cs6.13.0.1.extended.final.multilanguage.cracked.dll.chingliu.torrent

2014-08-08 10:24 - 2014-08-08 10:24 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (1).xls

2014-08-08 10:21 - 2014-08-08 10:20 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08.xls

2014-08-07 14:24 - 2014-07-31 22:22 - 00000000 ____D () C:\Program Files (x86)\alipay

2014-08-07 10:06 - 2014-08-15 14:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-07 10:01 - 2014-08-15 14:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4.torrent

2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4 (1).torrent

2014-08-06 10:24 - 2014-08-01 23:54 - 00000000 ____D () C:\Users\Jon\AppData\Local\alipay

2014-08-06 10:20 - 2014-08-06 10:20 - 00035832 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent

2014-08-05 00:35 - 2014-08-05 00:35 - 00096256 _____ () C:\Users\Jon\Desktop\PI-US-Jon 140805 191usd Aspire Sample.xls

2014-08-04 09:57 - 2014-04-10 00:50 - 00000000 ____D () C:\Windows\rescache

2014-08-03 17:23 - 2014-05-25 17:06 - 00000000 ____D () C:\Windows\SysWOW64\C2MP

2014-08-03 17:23 - 2013-10-27 15:53 - 00000000 ____D () C:\Users\Jon\Downloads\Zipper-BitTorrent-a

2014-08-03 16:49 - 2014-08-03 16:49 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0

2014-08-03 16:49 - 2014-08-03 16:49 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46

2014-08-03 16:49 - 2014-08-03 16:49 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com

2014-08-03 16:49 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-03 16:47 - 2014-08-03 16:47 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-08-03 16:47 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-08-03 16:46 - 2014-08-03 16:45 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Jon\Downloads\SUPERAntiSpyware.exe

2014-08-03 10:01 - 2014-08-02 23:43 - 00000000 ____D () C:\Users\Jon\Desktop\K1 Pictures and relationship evidence

2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\Users\Jon\AppData\Local\Skype

2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-03 01:01 - 2013-10-18 09:09 - 00000000 ____D () C:\ProgramData\Skype

2014-08-03 00:56 - 2014-08-03 00:56 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Jon\Downloads\SkypeSetup(1).exe

2014-08-03 00:47 - 2014-08-03 00:37 - 00000000 ____D () C:\Users\Jon\Desktop\Photo Book

2014-08-02 18:13 - 2014-08-02 18:12 - 00563731 _____ () C:\Users\Jon\Downloads\install.exe

2014-08-02 00:51 - 2013-07-10 23:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-08-01 23:54 - 2014-08-01 23:54 - 00000000 ____D () C:\alipay

2014-08-01 23:54 - 2014-07-10 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-08-01 07:41 - 2014-08-15 14:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 07:16 - 2014-08-15 14:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-31 22:33 - 2014-07-31 22:33 - 00043441 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e05.720p.hdtv.x264.killers.eztv.torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv.torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv (1).torrent

2014-07-31 22:33 - 2014-07-31 22:33 - 00012815 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e04.hdtv.x264.killers.eztv (1).torrent

2014-07-31 22:31 - 2014-07-31 22:31 - 00012927 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e03.hdtv.x264.asap.mp4.torrent

2014-07-31 22:30 - 2014-07-31 22:30 - 00023838 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e02.hdtv.x264.asap.ettv.torrent

2014-07-31 22:25 - 2014-07-31 22:25 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\alipay

2014-07-31 22:22 - 2014-07-31 22:22 - 00001078 _____ () C:\Users\Jon\AppData\Roaming\base64.cer

2014-07-31 22:21 - 2014-07-31 22:21 - 04151744 _____ () C:\Users\Jon\Downloads\aliedit.exe

2014-07-31 18:24 - 2014-07-31 18:23 - 01276520 _____ () C:\Windows\Minidump\073114-39889-01.dmp

2014-07-31 18:23 - 2013-07-15 06:59 - 00000000 ____D () C:\Windows\Minidump

2014-07-31 10:52 - 2014-07-31 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-31 10:05 - 2014-07-31 10:05 - 00000000 ____D () C:\Users\Jon\AppData\Local\Packages

2014-07-31 09:45 - 2014-07-10 22:13 - 00000000 ____D () C:\ProgramData\374311380

2014-07-31 01:48 - 2014-07-31 01:48 - 00011593 _____ () C:\Users\Jon\Downloads\[JSU发布组] RKI-111无码流出修复版 京香julia.torrent

2014-07-30 20:33 - 2014-07-30 20:32 - 01267168 _____ () C:\Windows\Minidump\073014-41371-01.dmp

2014-07-29 21:08 - 2014-07-29 21:08 - 01219768 _____ () C:\Windows\Minidump\072914-36644-01.dmp

2014-07-29 16:45 - 2014-07-29 16:44 - 01212840 _____ () C:\Windows\Minidump\072914-37377-01.dmp

2014-07-28 21:43 - 2014-07-28 19:07 - 00000000 ____D () C:\Users\Jon\Desktop\Taobao

2014-07-28 21:11 - 2013-11-03 09:15 - 00000000 ____D () C:\Users\Jon\Documents\Tencent Files

2014-07-28 16:47 - 2014-07-28 16:47 - 01259800 _____ () C:\Windows\Minidump\072814-27690-01.dmp

2014-07-27 14:40 - 2014-07-27 14:39 - 01216552 _____ () C:\Windows\Minidump\072714-38781-01.dmp

2014-07-26 23:19 - 2014-07-26 23:19 - 20463341 _____ () C:\Users\Jon\Downloads\product catalog1.rar

2014-07-26 17:34 - 2014-07-26 17:33 - 01262768 _____ () C:\Windows\Minidump\072614-58547-01.dmp

2014-07-26 14:33 - 2014-07-26 14:32 - 01276720 _____ () C:\Windows\Minidump\072614-69810-01.dmp

2014-07-26 14:32 - 2013-07-13 09:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-26 14:32 - 2013-07-13 09:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-25 23:22 - 2013-07-13 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 22:52 - 2014-08-15 14:10 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-25 22:02 - 2014-08-15 14:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-25 22:01 - 2014-08-15 14:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-25 21:51 - 2014-08-15 14:10 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-25 21:30 - 2014-08-15 14:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-25 21:28 - 2014-08-15 14:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-25 21:28 - 2014-08-15 14:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-25 21:25 - 2014-08-15 14:10 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-25 21:25 - 2014-08-15 14:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-25 21:11 - 2014-08-15 14:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-25 21:10 - 2014-08-15 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-25 21:04 - 2014-08-15 14:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-25 21:03 - 2014-08-15 14:10 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-25 21:00 - 2014-08-15 14:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-25 21:00 - 2014-08-15 14:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-25 20:59 - 2014-08-15 14:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-25 20:47 - 2014-08-15 14:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-25 20:40 - 2014-08-15 14:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-25 20:34 - 2014-08-15 14:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-25 20:34 - 2014-08-15 14:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-25 20:33 - 2014-08-15 14:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-25 20:30 - 2014-08-15 14:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-25 20:28 - 2014-08-15 14:10 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-25 20:28 - 2014-08-15 14:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-25 20:21 - 2014-08-15 14:10 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-25 20:19 - 2014-08-15 14:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-25 20:18 - 2014-08-15 14:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-25 20:17 - 2014-08-15 14:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-25 20:17 - 2014-08-15 14:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-25 20:12 - 2014-08-15 14:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-25 20:10 - 2014-08-15 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-25 20:10 - 2014-08-15 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-25 20:08 - 2014-08-15 14:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-25 20:06 - 2014-08-15 14:10 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-25 19:52 - 2014-08-15 14:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-25 19:47 - 2014-08-15 14:10 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-25 19:43 - 2014-08-15 14:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-25 19:42 - 2014-08-15 14:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-25 19:39 - 2014-08-15 14:10 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-25 19:39 - 2014-08-15 14:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-25 19:36 - 2014-08-15 14:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-25 19:34 - 2014-08-15 14:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-25 19:29 - 2014-08-15 14:10 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-25 19:23 - 2014-08-15 14:10 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-25 19:13 - 2014-08-15 14:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-25 19:07 - 2014-08-15 14:10 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-25 19:07 - 2014-08-15 14:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-25 19:03 - 2014-08-15 14:10 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-25 18:52 - 2014-08-15 14:10 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-25 18:26 - 2014-08-15 14:10 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-25 18:17 - 2014-08-15 14:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-25 18:09 - 2014-08-15 14:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-25 18:05 - 2014-08-15 14:10 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-25 18:00 - 2014-08-15 14:10 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-25 00:39 - 2009-07-14 13:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-22 15:50 - 2014-07-22 15:50 - 00767456 _____ () C:\Windows\Minidump\072214-46878-01.dmp

2014-07-22 00:46 - 2014-07-20 23:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-22 00:46 - 2013-06-29 14:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-22 00:46 - 2013-06-29 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-20 23:27 - 2014-07-20 23:27 - 00000000 ____D () C:\Users\Jon\AppData\Local\Macromedia

2014-07-20 22:24 - 2014-07-20 22:23 - 00000000 ____D () C:\Users\Sophia\AppData\Roaming\Mozilla

2014-07-20 22:24 - 2014-07-20 22:23 - 00000000 ____D () C:\Users\Sophia\AppData\Local\Mozilla

2014-07-20 17:18 - 2014-07-20 17:18 - 00008301 _____ () C:\Users\Jon\Downloads\[kickass.to]lorde.everybody.wants.to.rule.the.world.mp3.torrent

2014-07-20 06:16 - 2014-07-20 06:16 - 01192032 _____ () C:\Windows\Minidump\072014-58391-01.dmp

2014-07-20 02:24 - 2014-07-20 02:24 - 00011514 _____ () C:\Users\Jon\Downloads\[kickass.to]under.the.dome.s02e03.hdtv.x264.lol.eztv.torrent

2014-07-20 02:22 - 2014-07-20 02:22 - 00012871 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e04.hdtv.x264.lol.eztv (1).torrent

2014-07-19 12:12 - 2014-07-18 21:25 - 00013106 ____H () C:\Users\Jon\Desktop\~WRL0915.tmp

2014-07-19 11:40 - 2014-07-19 11:40 - 01262480 _____ () C:\Windows\Minidump\071914-55551-01.dmp

2014-07-18 23:52 - 2014-07-18 23:52 - 00015673 _____ () C:\Users\Jon\Downloads\[kickass.to]the.amazing.spider.man.2.2014.korsub.720p.webrip.x264.aac.jyk.torrent

 

Files to move or delete:

====================

C:\Users\Jon\.exe

 

 

Some content of TEMP:

====================

C:\Users\Jon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfpvmx.dll

C:\Users\Jon\AppData\Local\Temp\exthelper.exe

C:\Users\Jon\AppData\Local\Temp\qqsafeud.exe

C:\Users\Jon\AppData\Local\Temp\SkypeSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-09 15:25

 

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04

Ran by Jon at 2014-08-17 09:21:28

Running from C:\Users\Jon\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)

AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)

Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)

Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden

Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.0.2C - )

Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)

Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )

Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)

Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)

Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)

Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)

EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Heritage Sports 8.2 (HKLM-x32\...\Heritage Sports 8.2) (Version: 8.2.12.201405261500 - Heritage Sports)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)

Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.00.0000 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)

Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)

Media Player Codec Pack 4.3.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.1 - Media Player Codec Pack) <==== ATTENTION

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)

NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Soda PDF 3D Reader (HKLM-x32\...\{025C48E1-4695-4F49-906E-EBABCD54EA51}) (Version: 5.0.30.11889 - LULU Software Limited)

Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)

Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)

South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)

StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.3.4.5 - Black Oak Computers, Inc)

Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1108 - SUPERAntiSpyware.com)

Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.0 - Synaptics Incorporated)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 wmaiper (x32 Version: 012.000.1456 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.0.16.0 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

13-08-2014 21:33:58 Scheduled Checkpoint

16-08-2014 01:26:10 Windows Update

16-08-2014 01:53:58 Removed SearchMe Toolbar v9.6.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 10:34 - 2014-05-27 11:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {2D195409-D940-438B-A18B-6DCF2DF62DA1} - System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {3029194F-846D-447D-9A60-A5E220E3A22C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)

Task: {4D6CF6E3-E260-488B-960A-5C3CD5E00E29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22] (Adobe Systems Incorporated)

Task: {4FFF1F34-75B4-4F14-8A0A-121BF420D8C9} - System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)

Task: {5238D458-DE1F-4F6D-8C95-D7661E3E34AB} - System32\Tasks\{BE250B3D-1BA8-4F0D-8A93-6517B819C0B6} => Chrome.exe http://ui.skype.com/...all?page=tsBing

Task: {62C77413-2950-4FB8-B240-05E9B02A1C92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {861BC50B-BD8F-48D9-824E-87EB0359F0D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)

Task: {906EEAFE-31AA-4F4A-A5D2-B6F040EDA454} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)

Task: {92DD13DA-90D6-4E6F-B4AF-8DC50BB1E3E5} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2014-06-06] ()

Task: {9FF3CCC0-6EC9-417F-B529-1A4F494954CA} - System32\Tasks\{B680D048-EB80-4D64-9692-A5F4716B6286} => Chrome.exe http://ui.skype.com/...all?page=tsMain

Task: {A1DEFA4E-A9FD-47C1-9868-4A42A089E8F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)

Task: {A36F6B53-373D-4A54-B43C-25A72D074126} - System32\Tasks\{47AD3B7B-2D15-43E8-A462-5D1E7232B880} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {B0DDDB04-0CF0-44E3-9C3B-C6907FFC81A8} - System32\Tasks\{2EA402E7-B890-4C3A-9798-0738E41CDAFB} => Chrome.exe http://ui.skype.com/...all?page=tsMain

Task: {B551F808-F4AD-463E-A5C5-4AD63E03E1E7} - System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)

Task: {CED6F9E9-8D94-4899-A97F-B2B6580E735A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)

Task: {D3E7A6A7-90A0-4A02-852A-B08E5FE9A839} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)

Task: {F48D7409-85CB-4BAD-83BA-402DB224A8C2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-03-21 12:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-06-06 21:36 - 2014-06-06 21:36 - 00085664 _____ () C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe

2013-06-29 14:53 - 2013-01-18 23:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-07-12 10:37 - 2014-05-21 00:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-06-29 14:55 - 2012-01-27 10:49 - 02751808 ____N () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

2013-06-29 16:03 - 2012-02-15 01:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-06-06 21:36 - 2014-06-06 21:36 - 00064672 _____ () C:\Program Files (x86)\Microsoft Device Health\Collectors\system_collector.dll

2014-06-06 21:36 - 2014-06-06 21:36 - 00023200 _____ () C:\Program Files (x86)\Microsoft Device Health\Collectors\user_collector.dll

2014-06-06 21:36 - 2014-06-06 21:36 - 00020640 _____ () C:\Program Files (x86)\Microsoft Device Health\Actuators\win_update_actuator.dll

2014-08-17 09:12 - 2014-08-17 09:12 - 00043008 _____ () c:\users\jon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfpvmx.dll

2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\Jon\AppData\Roaming\Dropbox\bin\libcef.dll

2014-07-20 03:23 - 2014-07-15 17:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-20 03:23 - 2014-07-15 17:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-20 03:23 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-20 03:23 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-20 03:23 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2014-02-28 16:51 - 2014-02-28 16:51 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e0cca00b42165c0b882a7ef23368c6ac\PSIClient.ni.dll

2013-06-29 14:38 - 2012-02-02 06:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\Windows\pss\NexDef Plug-in.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: AlienwareOn-ScreenDisplay => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Command Center Controllers => "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"

MSCONFIG\startupreg: DellSystemDetect => C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2

MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Sound Blaster Recon3Di Control Panel => "c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

MSCONFIG\startupreg: StrongVPN Client => "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

MSCONFIG\startupreg: uTorrent => "C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft Virtual WiFi Miniport Adapter #2

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Microsoft Virtual WiFi Miniport Adapter

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/17/2014 09:13:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program uTorrent.exe version 3.4.2.32126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 6b0

 

Start Time: 01cfb9b82a8e0d07

 

Termination Time: 14

 

Application Path: C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe

 

Report Id: a1361652-25ab-11e4-8247-b90948f4e8f7

 

Error: (08/17/2014 09:10:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/17/2014 01:39:45 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={17B18D64-9AAD-4555-A687-810E9B270415}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:38:39 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={05759DB9-D6FD-4400-8CD8-2340D38632EC}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:37:33 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={9E89E653-7818-4DA3-91CC-CD100BC5378C}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:36:27 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={53BC09E9-FA2C-4936-B843-42C90D543D58}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:35:21 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={46976D27-F1C9-4741-8362-5F337D217AC4}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:34:15 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={21105392-C52F-45D0-9FD8-213F311FAEE6}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:33:09 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={5C210B7C-5830-4346-8EFE-C7319C5780AB}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

Error: (08/17/2014 01:32:03 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={B4D37B11-FCCF-4A72-BE89-72BFA87CD193}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.

 

 

System errors:

=============

Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:41 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:41 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

Error: (08/17/2014 09:21:31 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.

 

 

Microsoft Office Sessions:

=========================

Error: (08/17/2014 09:13:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: uTorrent.exe3.4.2.321266b001cfb9b82a8e0d0714C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exea1361652-25ab-11e4-8247-b90948f4e8f7

 

Error: (08/17/2014 09:10:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/17/2014 01:39:45 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {17B18D64-9AAD-4555-A687-810E9B270415}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:38:39 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {05759DB9-D6FD-4400-8CD8-2340D38632EC}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:37:33 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {9E89E653-7818-4DA3-91CC-CD100BC5378C}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:36:27 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {53BC09E9-FA2C-4936-B843-42C90D543D58}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:35:21 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {46976D27-F1C9-4741-8362-5F337D217AC4}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:34:15 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {21105392-C52F-45D0-9FD8-213F311FAEE6}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:33:09 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {5C210B7C-5830-4346-8EFE-C7319C5780AB}Jon-PC\JonStrongVPN - 309053-L2TP789

 

Error: (08/17/2014 01:32:03 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {B4D37B11-FCCF-4A72-BE89-72BFA87CD193}Jon-PC\JonStrongVPN - 309053-L2TP789

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-05-27 11:23:08.443

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-27 11:23:08.409

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-3740QM CPU @ 2.70GHz

Percentage of memory in use: 41%

Total physical RAM: 8074.31 MB

Available physical RAM: 4692.05 MB

Total Pagefile: 16146.8 MB

Available Pagefile: 12662.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:452.1 GB) (Free:22.71 GB) NTFS

Drive e: (DATAPART2) (Fixed) (Total:59.62 GB) (Free:59.52 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8443CBBC)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8443CF76)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 8443CF64)

Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

 

 

 

 

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-08-17 09:26:18

-----------------------------

09:26:18.149    OS Version: Windows x64 6.1.7601 Service Pack 1

09:26:18.149    Number of processors: 8 586 0x3A09

09:26:18.150    ComputerName: JON-PC  UserName: Jon

09:26:19.580    Initialize success

09:26:19.619    VM: initialized successfully

09:26:19.684    VM: Intel CPU supported 

09:26:26.013    VM: disk I/O iaStorA.sys

09:26:43.094    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a2

09:26:43.098    Disk 0 Vendor: ATA_____ A500 Size: 476940MB BusType: 8

09:26:43.103    Disk 1  \Device\Harddisk1\DR1 -> \Device\000000a3

09:26:43.108    Disk 1 Vendor: ATA_____ A500 Size: 476940MB BusType: 8

09:26:43.113    Disk 2  \Device\Harddisk2\DR2 -> \Device\000000a5

09:26:43.118    Disk 2 Vendor: ATA_____ 3D1Q Size: 61057MB BusType: 8

09:26:43.234    Disk 0 MBR read error 0

09:26:43.240    Disk 0 MBR scan

09:26:43.246    Disk 0 unknown MBR code

09:26:43.252    MBR BIOS signature not found 0

09:26:43.499    Disk 0 scanning C:\Windows\system32\drivers

09:26:49.160    Service scanning

09:27:03.785    Modules scanning

09:27:03.795    Disk 0 trace - called modules:

09:27:03.841    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 

09:27:03.849    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800844c790]

09:27:03.856    3 CLASSPNP.SYS[fffff880017a643f] -> nt!IofCallDriver -> [0xfffffa8008394a90]

09:27:03.863    5 iaStorF.sys[fffff880019a39a0] -> nt!IofCallDriver -> \Device\000000a2[0xfffffa8007dc79c0]

09:27:03.872    Scan finished successfully

09:27:14.727    Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"

09:27:14.736    The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"

 

 

 

 

[Naathim]

HI



P2P warning!

• uTorrent

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

• Press the + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this. In case of leaving it installed, please refrain from using it while we're cleaning your machine


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow the prompts and let this process run uninterrupted.
• This scan can take a while, depending on your System specs.
• Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow the prompts and click Scan.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

• Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

[Naathim]

Hi

Still with me?

[Naathim]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.