Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer infected with something, redirects, spam ads, unbearable perf


  • This topic is locked This topic is locked

#1
JCSW7777

JCSW7777

    New Member

  • Member
  • Pip
  • 2 posts

Hello,

 

My computer has recently been infected with something and its been a frustrating experience to say the least. I've tried 4-5 spyware/malware removal programs (superanti-spyware, spyware doctor, search and destroy) uninstalling the bad programs, system restores and still continue to have issues. I recently moved to China, so i'm sure I picked up something while browsing the net here, I use a VPN most of the time. 

 

First I get ads and popup adds everywhere on sites I visit, even sites that shouldn't have ads there. Secondly my search browser is commonly redirected. These issues seem to be semi fixed every time I run a scan but come back eventually. Most importantly however, my computer is having severe performance issues. There is alot of lag when I try to open programs, and just alot of delay in general when performing actions. Alot of even simple programs (word, excel) will end up not responding after a while and crash.

 

Please help! A friend told me about the amazingness of these forums and how you were able to resolve all his malware/virus/spyware issues. I would so much greatly appreciate it if you could help me out too! I've tried many many things and it is just so frustrating. Thank you!

 

 

 

 

OTL Extras logfile created on: 8/16/2014 9:55:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 20.00% Memory free
16.34 Gb Paging File | 4.39 Gb Available in Paging File | 26.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.10 Gb Total Space | 12.85 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive E: | 59.62 Gb Total Space | 59.52 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive Y: | 13.62 Gb Total Space | 6.28 Gb Free Space | 46.15% Space Free | Partition Type: NTFS
 
Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EF31FA-B40C-4F34-A2D3-ABED05FC9709}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0A74CA4F-BE6F-4AC8-AB66-3D78E5E644A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0BCB40EE-5EA6-4793-AD76-CE24744F9D15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0EBF068C-0202-49D0-8FC3-AA19944A286B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0ED0234E-0ECA-4ABC-8B08-1DE850C93E0B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{174CF101-06E1-4001-9C71-6919E890CB4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{1C05DBFA-A8C8-419E-B50B-ED980164A499}" = lport=50000 | protocol=17 | dir=in | name=sina_live | 
"{1E9F3EEB-2203-46CB-891F-75B412586AA5}" = lport=6001 | protocol=6 | dir=in | name=sina_live | 
"{294A4664-1015-4175-A7A3-3DC8584CDBC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B827DD7-758D-425F-81BF-2A5DC69B0F20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{2EC39B10-720E-4BA1-8D07-42CCEB66B4AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4A5078DA-114C-439E-A26F-835454AF1EE9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4FA02D83-4930-4492-A0C0-89F61922FCD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50BCC01A-88C6-46AE-9CB2-4448EC0AA5E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56CA0CF5-9D2E-4A52-B99E-8F4909BB4C17}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B25FE0F-EE1B-426F-B8FD-D8264BD43D19}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{622A6517-F5BD-4B5D-A0B6-E7F8FC13D6FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FB753D7-DF9B-450C-A35A-1B024B99D973}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{7076B973-E4EF-472C-A206-FC57833BA7FB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7181C07B-795D-4021-B962-4442E800A3DD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E9A4395-E279-4A71-82E2-5D7AE2387BAF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8907B7C5-DE9B-49D2-B40A-7B95067FC152}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{89897492-483D-46A3-9D0C-CBF888DEC084}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C9E5C80-EB45-4918-B6DE-DBDC30EFCF93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9099C1DA-65C9-4108-8826-AA6CFC6A14F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{B9B62A13-3B05-4B9A-A2A9-C6F82FF80066}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BFC9BBB8-1166-4593-8184-18B8B853D963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF01DB1F-A6B8-4D1B-96D4-ED0AEAB082C8}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D4CF9CB1-A99C-468F-963D-65DD3F2BB710}" = lport=50001 | protocol=17 | dir=in | name=sina_live | 
"{DA9E8007-4BE5-494C-8EA3-622101ABA381}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E811EBA9-79A8-4FB3-8454-AE0C5953DC8F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9A2A307-BA44-4D62-BBFD-D8D580120511}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFC37589-62DC-48FB-A2A3-9B51D73DA367}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F62FE2D3-FEAF-4913-8EDA-94AD42694A1E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{FB1FB80E-C93E-42C3-868C-6308AC0A87A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FCA6C006-C858-4CD5-8E5E-E7B6C65AA7AF}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A08467-E4A4-43B7-BE8D-626F37BEEF65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{01AE8DE0-8612-417C-95EA-B3D05E9920C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{034FB3F8-5949-421E-84C1-390509CC252D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{04D7F1E0-9B7E-4EAD-804D-F41B7BA3D199}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{06630018-2CD2-4987-A1E9-22D17BFF6CAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{0727C51A-449A-496B-A9C6-6A2F08FA8B5E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{08F3AA14-3F85-4608-89B1-E89585D3FB47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0996F0E8-6050-4712-BB75-083308A9F0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
"{0AC2351B-B441-4A63-B32B-DCC69759FC10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{0C2AC89F-B0A7-432B-829F-516BA5AAF1D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe | 
"{0D7B9F3A-6E02-4DC2-8D6F-6E735C39138A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe | 
"{0DBBA490-488B-43D4-8DD7-35EA7BC01B0D}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\utorrent\utorrent.exe | 
"{18E3D698-0BB3-455D-9D4D-73DC34BDEE31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{19DF73B7-9770-4A1D-9B7D-7A04F256A140}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1E3AAE33-887C-4317-91E6-910FAA367E26}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
"{1E48A969-2778-416B-A497-B36A3FA9C5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{210AC24A-D9FD-442B-BFC1-12BA3ABAB817}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2268D2F5-601E-45A6-B295-F5413DD9E584}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{22A65F3A-C8E8-4725-B309-5EC8CA2DC2A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{22BF170A-01BD-474F-A78F-691EC4827489}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{232BB109-F26F-43FF-A1CC-20CF3D53616E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{34BD5455-DE52-45CB-9F6D-E20EBB16BEE5}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{39D34547-54A4-4063-BFC6-505B3BB666E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{3B01CB33-2977-4A3A-B3AF-D317E4A34CA5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{43C0B00A-3A17-4943-83ED-93B3CC7857F8}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{47D4389A-7B18-4D1E-921F-D67F0FFEE637}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EAA3D3F-69F8-4CC7-8B13-400C67BCDC43}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{521AEBC4-CA2C-4362-A500-2D05DFE80AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{52F83A45-22EC-4C96-9EE2-5F427A48F6CF}" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii public test.exe | 
"{56DB3B11-1B4C-44DC-B0FA-AD97E5ACA0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
"{5B62FC2D-B2E8-4DA1-90EE-4CF046E9398F}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{5C790785-82FB-4154-ADD3-0CDD1F85DBE2}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{5D5F4F77-2AC7-4C26-B3A5-8676A0BD3998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 
"{5E3854BB-25C1-4677-AC54-B5DB318DB10E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5EA932DF-F9D6-495D-9AB1-F41A8B50A36B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{5F0D6644-BC74-474C-B7A3-8930A5C732F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FD5AC83-69C7-4059-818D-BC23CC435FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6288263C-CBCD-4B58-8E29-600F2523E94E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{63A2B01D-67AC-4186-92D2-DD4E29EC354C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 
"{642154F6-3209-48C3-BD78-C5E3E0EEDB16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{6485B7CE-5AED-4A53-8B75-74E3342AD21B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
"{675BC0E6-D4F1-42C6-8CE2-FD065BA7B5BA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{681F728D-6E53-4615-BAD6-758A6761FB42}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{69953EA9-E82F-4DEE-A811-FDAECA3100E2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6A532B86-CB7D-428E-AC17-031268A64ACA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{6E9975F6-0A57-421C-BB03-E04705296455}" = protocol=6 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7029CCD5-A93A-4C0A-A57C-65D2A36813AF}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\utorrent\utorrent.exe | 
"{709FCBD6-9EDC-4059-BB67-BBE129E9CDD8}" = protocol=6 | dir=out | app=system | 
"{7132988B-0BB4-44CD-8994-F2660D59F73C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{74C6FC68-A3BD-4A0E-A3A5-0DCF9F1948F8}" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii.exe | 
"{77DAA9C9-4DF8-4C25-A373-CF0071326F84}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{782BE8C1-ED32-4F70-B625-4401E16F6E27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{79AC993F-E8E0-4D3E-8DFA-F52B0AC62FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{79E7F60F-E6E1-4150-9580-CF46B899AE17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{7AE6D7E9-90AC-4448-95A0-D983545EF41B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{7B2600DE-6AB6-4FBA-8F78-3463A31EF2DB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe | 
"{7E92D05E-EE9D-4949-8B5A-771D46C17787}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{7FA88456-E2FC-4414-934F-CDA1294795D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{803591CC-5973-43D7-A107-FBB2A8A612AD}" = protocol=58 | dir=in | [email protected],-28545 | 
"{83711B08-1B06-44D0-B182-C6C3DF9D2D16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{83A00A0C-6AC3-4405-AF78-B2B1FF99741B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8605233E-4755-4EDB-87ED-83F3A3FC4A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{876B01B0-210B-4DD7-92E1-EFCE5EE19B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{88EECD4F-B294-48B8-A40B-019764245289}" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii.exe | 
"{8AA8DE3C-5640-41AE-9DB2-054BDEEE8E84}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{8E561BA7-C04D-42C0-8D62-67A3AF7CB9BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{902BB229-3F6E-41C3-9A30-E049DC967918}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{91C37F2B-6F72-43EB-89E9-EFE567EC57C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe | 
"{942C91A4-F919-4D74-BC09-89E216DC64E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{96ECC9B8-9584-422A-A1FA-EEBD4251FBAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{987B9539-4C67-41D1-BE92-D891CD71F922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9B3E89DA-F69E-4927-9416-0AE608988D3B}" = protocol=1 | dir=in | [email protected],-28543 | 
"{9DF5DD74-53D7-4095-A343-96B8CE67FC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3A3433E-3896-4C01-A0F8-54892FDF47E8}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | 
"{A46BF2B9-9D00-4489-AEE2-39C67ADF8FB6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{A7703FAC-43CC-49D0-8E06-C2D7C819C74D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{A91ACE0B-1D5A-424D-9CE1-EF56B9851CF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{AC39649B-16E5-4722-9489-046FF5C4E356}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | 
"{AE1DE715-9340-456F-9701-AB0F6C2EE0E3}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C1312D99-45DF-4BFE-A665-5C47B99CD67A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{C14CE5B4-8EB3-4737-8B4F-8B7B5C89C4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{C4B3FF6C-23AF-4E7B-AB36-AA458B695C5E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C62CBB1C-ABF6-43BE-80B7-DDD74750536E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6503F9C-CDF3-4610-83D6-0F11076A4FB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{C8E881E9-7DC9-46EE-98DB-891DCED61014}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC527EA5-D2F2-475F-9457-37456B266AEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{CCF899E7-D68A-438C-8AD7-15606ECC588E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CE3EDB59-47DD-401F-9E3F-AC680FB8489D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D22FEFFF-1AA6-4111-861E-A2B3621AD0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{D25194BB-375C-4560-986A-8B3345CC746D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{D40DC43B-2096-4A3E-9AFB-20031D0AF8D7}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{D534B311-41E5-4DDC-B221-25C7D40D0864}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{D623612E-7C66-4465-98DC-94ED0340C9CF}" = protocol=58 | dir=in | [email protected],-148 | 
"{D73F49A9-8093-40D5-B6D2-AC4FF011914C}" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\starcraft ii public test.exe | 
"{DBD242C5-8841-4EC8-B090-448C078FD3F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{DE226AB5-F6BF-4CFC-A770-3F4AE531D756}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E3A4F528-0449-4D98-B50C-CB9834DB0810}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E621C09E-D7EC-4A48-922B-3D5C2410D40D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E7CF2A54-0673-41C1-8A19-6A41690170F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E8387CC2-2A92-4856-A4C3-AF2B314F217A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{EAECB19F-970D-4AE3-8F4A-6A535C690719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F0A568A5-5F9C-4031-8E49-DAB275285224}" = protocol=1 | dir=out | [email protected],-28544 | 
"{F0E22672-A91B-47AF-8A25-B35AC27AB7B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F20CD73F-4510-4853-807C-442C2D7FE296}" = protocol=17 | dir=in | app=c:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F380F653-841F-4D2F-AFB3-64D61AFBD17B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F7719FCF-07B3-4122-B8C0-18866ADBF1BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FACD0A6F-0A70-41A9-8A49-A2BD855F5564}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FB064FE4-7E01-4C83-9FBF-4619155A3157}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FFCB8EBA-46E5-4022-A425-7BF1E95F8074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"TCP Query User{251CB94B-1659-4A07-ACE7-31EBBF7D23D2}D:\=saga=战地2绿色版\bf2.exe" = protocol=6 | dir=in | app=d:\=saga=战地2绿色版\bf2.exe | 
"TCP Query User{2FC5CA96-774E-4D30-910F-5344BE7650F7}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{33B708EC-8A80-459F-852C-83EC42426D85}C:\users\jon\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\jon\downloads\mtgoiii_helper.exe | 
"TCP Query User{5482EB67-9A56-42BA-A942-E17E8A57CD68}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{9A237776-F805-4D7C-998A-CB20D2A7F284}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 
"TCP Query User{AD563ED9-2854-452A-9E15-A3E5BE5BBD2A}C:\program files (x86)\njstar communicator\minismtp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\njstar communicator\minismtp.exe | 
"TCP Query User{EECEF6D3-274E-43EA-863C-36154792E494}C:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{0AB33775-B20B-491C-8AE1-FE467469F651}C:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\users\jon\desktop\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{6F04884E-8D3F-4C13-B688-459B3BCEE84C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{7777E3D6-E6E4-426A-9CFC-50DBF7602BDD}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{99E585E8-33C1-4958-9145-920F9FDC2E4C}D:\=saga=战地2绿色版\bf2.exe" = protocol=17 | dir=in | app=d:\=saga=战地2绿色版\bf2.exe | 
"UDP Query User{AC65EC4A-A462-4807-8F45-82191DEA8EB1}C:\users\jon\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\jon\downloads\mtgoiii_helper.exe | 
"UDP Query User{D0B2EDE1-B100-4C12-930D-6C082EDA552A}C:\program files (x86)\njstar communicator\minismtp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\njstar communicator\minismtp.exe | 
"UDP Query User{DAF41793-B6CB-4D84-8134-34F2395ADC9E}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"McAfee Security Scan" = McAfee Security Scan Plus
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"PC-Doctor for Windows" = AlienAutopsy
"ProInst" = Intel PROSet Wireless
"Sublime Text 2_is1" = Sublime Text 2.0.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C48E1-4695-4F49-906E-EBABCD54EA51}" = Soda PDF 3D Reader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}" = 微软设备健康助手
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6EB6293C-9286-4981-8672-956E1A92F33B}_is1" = StrongVPN Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C45E715E-442E-4D82-BD46-A08A0870957C}" = Sound Blaster Recon3Di Extras
"{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}" = Sound Blaster Recon3Di
"{CA32CD83-2627-40DB-B16B-43D4752A4A4C}" = TurboTax 2012 wmaiper
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Battlelog Web Plugins" = Battlelog Web Plugins
"Google Chrome" = Google Chrome
"Heritage Sports 8.2" = Heritage Sports 8.2
"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"Media Player - Codec Pack" = Media Player Codec Pack 4.3.1
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"StarCraft II" = StarCraft II
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 213670" = South Park™: The Stick of Truth™
"Steam App 231430" = Company of Heroes 2
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 50650" = Darksiders II
"Steam App 570" = Dota 2
"Steam App 8870" = BioShock Infinite
"Steam App 8930" = Sid Meier's Civilization V
"TurboTax 2012" = TurboTax 2012
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 5.00 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/15/2014 6:41:52 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 6:41:53 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 6:41:54 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 6:41:57 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 6:41:58 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 9:43:41 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 9:43:42 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 9:43:43 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 9:44:12 AM | Computer Name = Jon-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/15/2014 9:54:06 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary STMicroelectronics Accelerometer Service.  System Error: The system cannot
 find the file specified.  .
 
[ System Events ]
Error - 8/15/2014 10:02:39 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:03:41 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:03:41 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:04:02 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:04:43 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:04:43 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:05:45 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:05:45 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:06:46 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
Error - 8/15/2014 10:06:46 PM | Computer Name = Jon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume D:.
 
 
< End of report >
 

  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.


aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click No.
  • Select Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.
Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software
  • 0

#3
JCSW7777

JCSW7777

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Hello Naat!

 

Thank you so much for your response, getting your help is just awesome!, I read your instructions carefully and below are the attached information you requested. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Jon (administrator) on JON-PC on 17-08-2014 09:20:26
Running from C:\Users\Jon\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe
(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell) C:\Users\Jon\AppData\Local\Apps\2.0\E501HQH7.W7B\ZYYOXPZQ.9Y7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Dropbox, Inc.) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongDial.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2011-12-02] (Intel® Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [StrongVPN Client] => C:\Program Files (x86)\StrongVPN\StrongDial.exe [1456976 2013-10-31] (Black Oak Computers, Inc.)
HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [uTorrent] => C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-1522901231-1283582495-1218869647-1002\...\Run: [DellSystemDetect] => C:\Users\Jon\AppData\Local\Apps\2.0\E501HQH7.W7B\ZYYOXPZQ.9Y7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-25] (Dell)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-01-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-01-19] (NVIDIA Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienware....com/welcome-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {56A9BE03-3D8C-44F8-8418-F0A4F042B7B3} URL = http://www.baidu.com...d={searchTerms}
SearchScopes: HKCU - {170BC0F4-DE61-408D-A6B8-EB517C75243E} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {4B9C024A-E2D5-4584-959F-6FF0D6B8DEF0} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {56A9BE03-3D8C-44F8-8418-F0A4F042B7B3} URL = http://www.baidu.com...d={searchTerms}
SearchScopes: HKCU - {62CB0BB2-C68F-48B4-81A5-300384E6876E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Soda PDF 3D Reader Helper -> {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} -> C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEHelper.dll (LULU Software Limited)
BHO-x32: Slick Savings -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Jon\AppData\Roaming\Slick Savings\Coupons.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Soda PDF 3D Reader Toolbar - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEPlugin.dll (LULU Software Limited)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 202.106.195.68 202.106.46.151
Tcpip\..\Interfaces\{0148C10C-EB4C-4014-8E7E-80EAAA262B14}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{079CB822-48E2-49CD-9E34-7B6540A75446}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{08E15290-2EE6-4151-AE33-734EE05F02DC}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{08F5AEA4-24C6-4E89-B55F-8B9CFEAA3A71}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{09F6BAB6-5725-4AD6-A12B-D367E94CC2D0}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{0C5FE3CA-1D6F-42A9-978C-DC2ECEC1FB5A}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{1075C2A1-9234-4200-B4AF-74684863EC76}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{16D92A23-F0DF-4047-A65A-320223E60B0F}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{1AB172AC-0247-4112-8AEF-A35AF426D5E8}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{210AF53E-DC0A-4851-9A9C-6283C0644185}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{25EDA11A-5186-48E8-B777-D762D8EBC3B4}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{315EF552-8A64-4DCD-8817-C64594FCE1F1}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{31F43AEF-7A68-4B72-9422-F676E3EDAB0D}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{33091582-1C22-466A-B1E4-56C5C3E50EEB}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{35CF4281-91F3-406B-A4AF-3135FA799FCE}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{374924F8-731A-495A-902D-9F4B181033F8}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{38EADBE5-633A-4C28-B06B-1F302F860620}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3A4C6DD2-7E3B-439D-9F91-3ADE1070706F}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{4092EDB9-9E52-4820-8BDD-F89556268786}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{41CCE0C2-5AC0-4EBB-AF25-AD0925675E09}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{44A778D4-1F2D-4428-9837-399EE090CAAB}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{475DC75E-A062-43FE-9A0F-89318C24A9B2}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{47B4DF88-AB8E-45C0-B526-E28FB87283A6}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{48254986-FF82-458E-8B41-C0875A8F0841}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{4F16831C-8A8B-4265-B5F8-2D1EB5143AD9}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{4F3861DF-294C-4FC6-9C6D-EC89878EBF83}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{53ED3653-11BD-4B0E-865F-7566A85493FB}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{54321544-E1D1-4B73-A50D-B8AE5A40070A}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5678F66C-B7D4-403F-9865-D8F223E3C973}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{56D6EF08-C556-4598-9823-A67B18A52A8F}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{57111A7F-A7F0-469E-86EF-833FC6F4023C}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5C14686B-DA9A-4564-B9C2-EAEC6A960248}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5F6916D3-CCA2-4C42-9462-4F856ACBA3CE}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{609362C2-02B6-464A-B0C5-23FFC98550C8}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{61914B7D-95E5-4A7A-B7BC-AB2FF0B0CFCC}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6C79A3EC-969A-4360-BA57-8F6443230160}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6E7178A7-BE24-41C9-B0B3-AF6534A78B5A}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{72114875-4B52-4875-8A66-DF7D3DD9F98B}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{77D9EC10-89C2-4244-A4B7-AA658B7CB013}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{81A780E2-2A09-492F-B84C-D13DBEF579D7}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{81FF2FF6-D559-48D1-8EF7-DFE224D8EF6F}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{82C14FD6-59C6-4995-B47D-69E6D797B306}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{838BCC98-6A0C-4B70-89AC-699AAF972773}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{84D27277-0227-44AC-B316-2E33EF11C57D}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{89E32355-4A07-4737-A1AA-DF7445FA09D3}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{8AA910A2-082C-4E8A-BC8B-70F02FFB508C}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{8DB241B6-2A80-4F61-96CB-5D0CE19A5A57}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9EC0E35D-3963-43DF-826E-565AC691ACAE}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{A2670CA4-3FE3-4833-A27A-2A81CB39E8E5}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{A72C1604-E8FB-4C71-8B23-642F4E32E9EE}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B9B1377F-89BE-4B01-8428-B222DE211B6D}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{C3871C3F-BCBC-459C-A524-90985B79D284}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CDA3FF3D-D5F5-4F35-8F41-20D43F63FBFD}: [NameServer]219.141.140.10 219.141.136.10
Tcpip\..\Interfaces\{CEC8F194-A5AE-451C-AC63-5F1A2C11B75C}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D036949F-C374-48E8-B69C-61723C811C62}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D0D4D5A2-6B3B-4E0F-8F64-DFBAE9118343}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D3F875FF-9F06-4A8E-A125-1DAC591E6EC6}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DA05E8C2-2506-43E8-A1E3-F61B920FF0AD}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DEE18DF8-33D3-4695-B640-0059A23E494F}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E278746A-D886-4627-B299-7A7E523B1E02}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E5CEE4DC-4F28-49D0-A116-3190F6FD11AF}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E82E4AF9-8B4B-467C-BC01-3757D28937DB}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{EB9314C7-A004-4C66-BEFC-32391C6EF298}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F5CE60A2-497B-4E75-9F18-2FA34A4AACB3}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F73E8BEF-0F12-4B43-B2CB-4903E1EE7EAA}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F7952B5C-DE7B-4FB1-8E08-477C41B2B16B}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F7C0BBE9-5B7B-4221-AB7E-E5D202123D32}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F85CB3E8-79BE-43DA-BBF4-9D4AA8068377}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{FA5FBB75-EB6D-42D2-8AA4-761BEEADD719}: [NameServer]8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{FC7299AC-481F-4425-BBCB-E139760EF79E}: [NameServer]8.8.8.8 8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default
FF DefaultSearchEngine: 百度
FF SelectedSearchEngine: 百度
FF Homepage: hxxp://baidu.com/
FF Keyword.URL: hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\searchplugins\baidu.xml
FF Extension: DealsFindoeRPro - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\Extensions\[email protected] [2014-08-13]
FF Extension: saveron - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\65lp77y5.default\Extensions\[email protected].org [2014-07-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [jpammgopeogkfkfjafahnachhacngopo] - C:\Users\Jon\AppData\Local\imeshvuzebandoo\GC\toolbar.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Jon\AppData\Local\Slick Savings\coupons.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-20] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [85664 2014-06-06] ()
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2011-12-01] (Red Bend Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-02] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Soda PDF 3D Reader Helper Service; C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe [1162592 2013-08-20] (LULU Software Limited)
R2 Soda PDF 3D Reader Service; C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe [852320 2013-08-20] (LULU Software Limited)
R2 StrongVPN Service; C:\Program Files (x86)\StrongVPN\StrongService.exe [73552 2013-10-31] (Black Oak Computers, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2011-12-01] (Intel® Corporation) [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-02-23] (Broadcom Corporation.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)
S3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-03] (Dell Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-20] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-19] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [38760 2013-11-01] (The OpenVPN Project)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:20 - 2014-08-17 09:20 - 00028003 _____ () C:\Users\Jon\Downloads\FRST.txt
2014-08-17 09:19 - 2014-08-17 09:20 - 00000000 ____D () C:\FRST
2014-08-17 09:17 - 2014-08-17 09:18 - 02101760 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2014-08-17 00:44 - 2014-08-17 00:44 - 00078535 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e08.720p.hdtv.x264.killers.rartv.torrent
2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv.torrent
2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv (1).torrent
2014-08-16 14:39 - 2014-08-16 14:39 - 00026293 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e05.hdtv.x264.2hd.ettv.torrent
2014-08-16 10:07 - 2014-08-16 10:07 - 00084244 _____ () C:\Users\Jon\Downloads\Extras.Txt
2014-08-16 10:03 - 2014-08-16 10:03 - 00424190 _____ () C:\Users\Jon\Downloads\OTL.Txt
2014-08-16 09:55 - 2014-08-16 09:55 - 00602112 _____ (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe
2014-08-16 09:47 - 2014-08-16 09:47 - 00000000 ____D () C:\Program Files (x86)\saaveron
2014-08-16 09:46 - 2014-08-16 09:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jon\Downloads\HiJackThis.exe
2014-08-16 09:45 - 2014-08-16 09:45 - 00000000 ____D () C:\Program Files (x86)\DealssFiNderPrroo
2014-08-16 09:44 - 2014-08-17 08:27 - 00000340 _____ () C:\Windows\Tasks\微软设备健康助手自动更新.job
2014-08-16 09:44 - 2014-08-16 09:44 - 00003286 _____ () C:\Windows\System32\Tasks\微软设备健康助手自动更新
2014-08-16 09:44 - 2014-08-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Device Health
2014-08-16 09:34 - 2014-08-16 09:34 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_B94
2014-08-16 09:30 - 2014-08-16 09:32 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_DD5
2014-08-16 09:30 - 2014-07-01 06:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 09:30 - 2014-07-01 06:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 09:30 - 2014-03-10 05:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 09:30 - 2014-03-10 05:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 09:30 - 2014-03-10 05:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 09:30 - 2014-03-10 05:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 09:29 - 2014-06-06 14:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 09:29 - 2014-06-06 14:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 23:16 - 2014-08-15 23:16 - 00018120 _____ () C:\Users\Jon\Downloads\[kickass.to]cumfiesta.dillion.carter.molly.bliss.pure.bliss.07.29.2014.torrent
2014-08-15 23:00 - 2014-08-15 23:00 - 00096139 _____ () C:\Users\Jon\Downloads\[kickass.to]legends.2014.s01e01.720p.hdtv.x264.2hd.rartv.torrent
2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 14:12 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 14:12 - 2014-07-09 10:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 14:12 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 14:12 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 14:12 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 14:12 - 2014-07-09 06:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 14:12 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 14:11 - 2014-07-16 11:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 14:11 - 2014-07-16 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 14:11 - 2014-07-16 10:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 14:11 - 2014-06-03 18:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 14:11 - 2014-06-03 18:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 14:11 - 2014-06-03 18:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 14:11 - 2014-06-03 18:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 14:11 - 2014-06-03 17:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 14:11 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 14:11 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 14:10 - 2014-08-01 07:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 14:10 - 2014-08-01 07:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 14:10 - 2014-07-25 22:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 14:10 - 2014-07-25 22:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 14:10 - 2014-07-25 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 14:10 - 2014-07-25 21:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 14:10 - 2014-07-25 21:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 14:10 - 2014-07-25 21:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 14:10 - 2014-07-25 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 14:10 - 2014-07-25 21:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 14:10 - 2014-07-25 21:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 14:10 - 2014-07-25 21:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 14:10 - 2014-07-25 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 14:10 - 2014-07-25 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 14:10 - 2014-07-25 21:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 14:10 - 2014-07-25 21:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 14:10 - 2014-07-25 21:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 14:10 - 2014-07-25 20:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 14:10 - 2014-07-25 20:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 14:10 - 2014-07-25 20:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 14:10 - 2014-07-25 20:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 14:10 - 2014-07-25 20:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 14:10 - 2014-07-25 20:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 14:10 - 2014-07-25 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 14:10 - 2014-07-25 20:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 14:10 - 2014-07-25 20:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 14:10 - 2014-07-25 20:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 14:10 - 2014-07-25 20:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 14:10 - 2014-07-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 14:10 - 2014-07-25 20:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 14:10 - 2014-07-25 20:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 14:10 - 2014-07-25 20:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 14:10 - 2014-07-25 20:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 14:10 - 2014-07-25 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 14:10 - 2014-07-25 20:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 14:10 - 2014-07-25 20:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 14:10 - 2014-07-25 19:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 14:10 - 2014-07-25 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 14:10 - 2014-07-25 19:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 14:10 - 2014-07-25 19:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 14:10 - 2014-07-25 19:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 14:10 - 2014-07-25 19:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 14:10 - 2014-07-25 19:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 14:10 - 2014-07-25 19:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 14:10 - 2014-07-25 19:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 14:10 - 2014-07-25 19:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 14:10 - 2014-07-25 19:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 14:10 - 2014-07-25 19:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 14:10 - 2014-07-25 19:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 14:10 - 2014-07-25 19:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 14:10 - 2014-07-25 18:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 14:10 - 2014-07-25 18:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 14:10 - 2014-07-25 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 14:10 - 2014-07-25 18:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 14:10 - 2014-07-25 18:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 14:10 - 2014-07-25 18:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 14:06 - 2014-08-07 10:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 14:06 - 2014-08-07 10:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 14:06 - 2014-07-14 10:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 14:06 - 2014-07-14 09:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 23:37 - 2014-08-14 23:37 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog (1).xlsx
2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv.torrent
2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv (1).torrent
2014-08-13 16:24 - 2014-08-17 00:00 - 00001456 _____ () C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-08-13 15:49 - 2014-08-13 15:49 - 00003494 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon
2014-08-13 15:08 - 2014-08-16 09:45 - 00000000 ____D () C:\ProgramData\DealssFiNderPrroo
2014-08-13 09:52 - 2014-08-13 09:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-08-13 09:52 - 2014-08-13 09:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-13 09:51 - 2014-08-13 09:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-08-13 09:50 - 2014-08-13 09:52 - 00000000 ____D () C:\Program Files\Adobe
2014-08-13 09:50 - 2014-08-13 09:50 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-08-13 09:49 - 2014-08-13 09:49 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-08-13 09:45 - 2014-08-13 09:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-08-13 09:45 - 2014-08-13 09:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-08-13 09:39 - 2014-08-13 09:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-12 16:00 - 2014-08-12 16:00 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (2).xls
2014-08-10 00:50 - 2014-08-10 00:50 - 00051035 _____ () C:\Users\Jon\Downloads\[kickass.to]bigmouthfuls.13.09.30.dillion.carter.xxx.720p.mp4.ktr.torrent
2014-08-09 21:08 - 2014-08-09 21:09 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog.xlsx
2014-08-08 23:55 - 2014-08-08 23:55 - 00138219 _____ () C:\Users\Jon\Downloads\[kickass.to]adobe.photoshop.cs6.13.0.1.extended.final.multilanguage.cracked.dll.chingliu.torrent
2014-08-08 10:24 - 2014-08-08 10:24 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (1).xls
2014-08-08 10:20 - 2014-08-08 10:21 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08.xls
2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4.torrent
2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4 (1).torrent
2014-08-06 10:20 - 2014-08-06 10:20 - 00035832 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-08-05 00:35 - 2014-08-05 00:35 - 00096256 _____ () C:\Users\Jon\Desktop\PI-US-Jon 140805 191usd Aspire Sample.xls
2014-08-03 23:26 - 2014-08-09 01:45 - 03949568 _____ () C:\Users\Jon\Desktop\Witshine.xls
2014-08-03 19:42 - 2014-08-15 14:09 - 00000000 ____D () C:\Users\Jon\Desktop\Thunder Cloud Vapers
2014-08-03 16:49 - 2014-08-17 02:00 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job
2014-08-03 16:49 - 2014-08-17 00:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job
2014-08-03 16:49 - 2014-08-03 16:49 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0
2014-08-03 16:49 - 2014-08-03 16:49 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46
2014-08-03 16:49 - 2014-08-03 16:49 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com
2014-08-03 16:47 - 2014-08-17 00:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-03 16:47 - 2014-08-03 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-03 16:47 - 2014-08-03 16:47 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-03 16:47 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-03 16:45 - 2014-08-03 16:46 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Jon\Downloads\SUPERAntiSpyware.exe
2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\Users\Jon\AppData\Local\Skype
2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 00:56 - 2014-08-03 00:56 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Jon\Downloads\SkypeSetup(1).exe
2014-08-03 00:37 - 2014-08-03 00:47 - 00000000 ____D () C:\Users\Jon\Desktop\Photo Book
2014-08-02 23:43 - 2014-08-03 10:01 - 00000000 ____D () C:\Users\Jon\Desktop\K1 Pictures and relationship evidence
2014-08-02 19:54 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 19:54 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 19:54 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 19:54 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 19:54 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 19:54 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 19:54 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 19:54 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 19:54 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 19:54 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 19:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 19:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 19:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 19:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 18:12 - 2014-08-02 18:13 - 00563731 _____ () C:\Users\Jon\Downloads\install.exe
2014-08-01 23:54 - 2014-08-06 10:24 - 00000000 ____D () C:\Users\Jon\AppData\Local\alipay
2014-08-01 23:54 - 2014-08-01 23:54 - 00000000 ____D () C:\alipay
2014-07-31 23:20 - 2014-08-16 23:26 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\TaobaoProtect
2014-07-31 22:33 - 2014-07-31 22:33 - 00043441 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e05.720p.hdtv.x264.killers.eztv.torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv.torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv (1).torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00012815 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e04.hdtv.x264.killers.eztv (1).torrent
2014-07-31 22:31 - 2014-07-31 22:31 - 00012927 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e03.hdtv.x264.asap.mp4.torrent
2014-07-31 22:30 - 2014-07-31 22:30 - 00023838 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e02.hdtv.x264.asap.ettv.torrent
2014-07-31 22:25 - 2014-07-31 22:25 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\alipay
2014-07-31 22:22 - 2014-08-07 14:24 - 00000000 ____D () C:\Program Files (x86)\alipay
2014-07-31 22:22 - 2014-07-31 22:22 - 00001078 _____ () C:\Users\Jon\AppData\Roaming\base64.cer
2014-07-31 22:21 - 2014-07-31 22:21 - 04151744 _____ () C:\Users\Jon\Downloads\aliedit.exe
2014-07-31 18:23 - 2014-07-31 18:24 - 01276520 _____ () C:\Windows\Minidump\073114-39889-01.dmp
2014-07-31 10:52 - 2014-07-31 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 10:05 - 2014-08-16 09:47 - 00000000 ____D () C:\ProgramData\saaveron
2014-07-31 10:05 - 2014-08-16 09:47 - 00000000 ____D () C:\ProgramData\93e16d846da0da69
2014-07-31 10:05 - 2014-07-31 10:05 - 00000000 ____D () C:\Users\Jon\AppData\Local\Packages
2014-07-31 01:48 - 2014-07-31 01:48 - 00011593 _____ () C:\Users\Jon\Downloads\[JSU发布组] RKI-111无码流出修复版 京香julia.torrent
2014-07-30 20:32 - 2014-07-30 20:33 - 01267168 _____ () C:\Windows\Minidump\073014-41371-01.dmp
2014-07-29 21:08 - 2014-07-29 21:08 - 01219768 _____ () C:\Windows\Minidump\072914-36644-01.dmp
2014-07-29 16:44 - 2014-07-29 16:45 - 01212840 _____ () C:\Windows\Minidump\072914-37377-01.dmp
2014-07-28 19:07 - 2014-07-28 21:43 - 00000000 ____D () C:\Users\Jon\Desktop\Taobao
2014-07-28 16:47 - 2014-07-28 16:47 - 01259800 _____ () C:\Windows\Minidump\072814-27690-01.dmp
2014-07-27 14:39 - 2014-07-27 14:40 - 01216552 _____ () C:\Windows\Minidump\072714-38781-01.dmp
2014-07-26 23:19 - 2014-07-26 23:19 - 20463341 _____ () C:\Users\Jon\Downloads\product catalog1.rar
2014-07-26 17:33 - 2014-07-26 17:34 - 01262768 _____ () C:\Windows\Minidump\072614-58547-01.dmp
2014-07-26 14:32 - 2014-07-26 14:33 - 01276720 _____ () C:\Windows\Minidump\072614-69810-01.dmp
2014-07-22 15:50 - 2014-07-22 15:50 - 00767456 _____ () C:\Windows\Minidump\072214-46878-01.dmp
2014-07-20 23:27 - 2014-08-17 08:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 23:27 - 2014-07-22 00:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-20 23:27 - 2014-07-20 23:27 - 00000000 ____D () C:\Users\Jon\AppData\Local\Macromedia
2014-07-20 22:23 - 2014-07-20 22:24 - 00000000 ____D () C:\Users\Sophia\AppData\Roaming\Mozilla
2014-07-20 22:23 - 2014-07-20 22:24 - 00000000 ____D () C:\Users\Sophia\AppData\Local\Mozilla
2014-07-20 17:18 - 2014-07-20 17:18 - 00008301 _____ () C:\Users\Jon\Downloads\[kickass.to]lorde.everybody.wants.to.rule.the.world.mp3.torrent
2014-07-20 06:16 - 2014-07-20 06:16 - 01192032 _____ () C:\Windows\Minidump\072014-58391-01.dmp
2014-07-20 02:24 - 2014-07-20 02:24 - 00011514 _____ () C:\Users\Jon\Downloads\[kickass.to]under.the.dome.s02e03.hdtv.x264.lol.eztv.torrent
2014-07-20 02:22 - 2014-07-20 02:22 - 00012871 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e04.hdtv.x264.lol.eztv (1).torrent
2014-07-19 11:40 - 2014-07-19 11:40 - 01262480 _____ () C:\Windows\Minidump\071914-55551-01.dmp
2014-07-18 23:52 - 2014-07-18 23:52 - 00015673 _____ () C:\Users\Jon\Downloads\[kickass.to]the.amazing.spider.man.2.2014.korsub.720p.webrip.x264.aac.jyk.torrent
2014-07-18 21:25 - 2014-07-19 12:12 - 00013106 ____H () C:\Users\Jon\Desktop\~WRL0915.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:20 - 2014-08-17 09:20 - 00028003 _____ () C:\Users\Jon\Downloads\FRST.txt
2014-08-17 09:20 - 2014-08-17 09:19 - 00000000 ____D () C:\FRST
2014-08-17 09:20 - 2013-07-10 23:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 09:19 - 2013-06-29 16:19 - 01347671 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 09:18 - 2014-08-17 09:17 - 02101760 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2014-08-17 09:17 - 2013-11-04 22:46 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\.strongvpn
2014-08-17 09:16 - 2009-07-14 13:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 09:15 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 09:15 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 09:13 - 2013-09-10 10:14 - 00000000 ___RD () C:\Users\Jon\Dropbox
2014-08-17 09:13 - 2013-09-10 09:56 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Dropbox
2014-08-17 09:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2014-08-17 09:11 - 2013-07-14 09:02 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\uTorrent
2014-08-17 09:11 - 2013-06-29 15:00 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-17 09:11 - 2013-06-29 15:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-17 09:11 - 2013-06-29 14:54 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-08-17 09:10 - 2013-10-10 14:37 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-17 09:10 - 2013-07-10 23:34 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 09:10 - 2009-07-14 12:45 - 05073024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 09:09 - 2013-10-08 21:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-17 09:09 - 2013-06-29 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-17 09:09 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 09:09 - 2009-07-14 12:51 - 00097954 _____ () C:\Windows\setupact.log
2014-08-17 09:07 - 2010-11-21 11:47 - 00430404 _____ () C:\Windows\PFRO.log
2014-08-17 09:07 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 08:27 - 2014-08-16 09:44 - 00000340 _____ () C:\Windows\Tasks\微软设备健康助手自动更新.job
2014-08-17 08:27 - 2014-07-20 23:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 02:00 - 2014-08-03 16:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job
2014-08-17 01:58 - 2014-05-25 16:54 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\vlc
2014-08-17 00:51 - 2014-08-03 16:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 00:49 - 2014-08-03 16:49 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job
2014-08-17 00:44 - 2014-08-17 00:44 - 00078535 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e08.720p.hdtv.x264.killers.rartv.torrent
2014-08-17 00:00 - 2014-08-13 16:24 - 00001456 _____ () C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-08-16 23:26 - 2014-07-31 23:20 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\TaobaoProtect
2014-08-16 14:49 - 2013-07-12 05:13 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv.torrent
2014-08-16 14:45 - 2014-08-16 14:45 - 00025488 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e07.hdtv.x264.killers.ettv (1).torrent
2014-08-16 14:39 - 2014-08-16 14:39 - 00026293 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e05.hdtv.x264.2hd.ettv.torrent
2014-08-16 10:07 - 2014-08-16 10:07 - 00084244 _____ () C:\Users\Jon\Downloads\Extras.Txt
2014-08-16 10:03 - 2014-08-16 10:03 - 00424190 _____ () C:\Users\Jon\Downloads\OTL.Txt
2014-08-16 09:55 - 2014-08-16 09:55 - 00602112 _____ (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe
2014-08-16 09:50 - 2013-06-29 14:40 - 00000000 ____D () C:\Program Files (x86)\ST Microelectronics
2014-08-16 09:50 - 2013-06-29 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:47 - 2014-08-16 09:47 - 00000000 ____D () C:\Program Files (x86)\saaveron
2014-08-16 09:47 - 2014-08-16 09:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jon\Downloads\HiJackThis.exe
2014-08-16 09:47 - 2014-07-31 10:05 - 00000000 ____D () C:\ProgramData\saaveron
2014-08-16 09:47 - 2014-07-31 10:05 - 00000000 ____D () C:\ProgramData\93e16d846da0da69
2014-08-16 09:47 - 2014-07-14 11:18 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\NJStar
2014-08-16 09:46 - 2013-09-13 07:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 09:45 - 2014-08-16 09:45 - 00000000 ____D () C:\Program Files (x86)\DealssFiNderPrroo
2014-08-16 09:45 - 2014-08-13 15:08 - 00000000 ____D () C:\ProgramData\DealssFiNderPrroo
2014-08-16 09:44 - 2014-08-16 09:44 - 00003286 _____ () C:\Windows\System32\Tasks\微软设备健康助手自动更新
2014-08-16 09:44 - 2014-08-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Device Health
2014-08-16 09:43 - 2013-07-11 04:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 09:39 - 2013-09-13 07:25 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 09:34 - 2014-08-16 09:34 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_B94
2014-08-16 09:32 - 2014-08-16 09:30 - 00000000 ____D () C:\Users\Jon\AppData\OICE_15_974FA576_32C1D314_DD5
2014-08-16 09:28 - 2014-05-07 15:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 23:16 - 2014-08-15 23:16 - 00018120 _____ () C:\Users\Jon\Downloads\[kickass.to]cumfiesta.dillion.carter.molly.bliss.pure.bliss.07.29.2014.torrent
2014-08-15 23:00 - 2014-08-15 23:00 - 00096139 _____ () C:\Users\Jon\Downloads\[kickass.to]legends.2014.s01e01.720p.hdtv.x264.2hd.rartv.torrent
2014-08-15 14:09 - 2014-08-03 19:42 - 00000000 ____D () C:\Users\Jon\Desktop\Thunder Cloud Vapers
2014-08-15 09:53 - 2014-03-11 09:39 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 09:14 - 2014-07-14 11:34 - 00000000 ____D () C:\Users\Jon\Desktop\X
2014-08-15 01:34 - 2013-10-18 09:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Skype
2014-08-15 00:02 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-14 23:37 - 2014-08-14 23:37 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog (1).xlsx
2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv.torrent
2014-08-13 22:41 - 2014-08-13 22:41 - 00025429 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.ettv (1).torrent
2014-08-13 16:31 - 2013-07-18 07:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Adobe
2014-08-13 16:12 - 2013-07-10 23:33 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Adobe
2014-08-13 15:49 - 2014-08-13 15:49 - 00003494 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon
2014-08-13 13:01 - 2013-07-12 05:10 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\PCDr
2014-08-13 09:53 - 2013-07-10 23:02 - 00114456 _____ () C:\Users\Jon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-13 09:52 - 2014-08-13 09:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-08-13 09:52 - 2014-08-13 09:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-13 09:52 - 2014-08-13 09:50 - 00000000 ____D () C:\Program Files\Adobe
2014-08-13 09:52 - 2014-08-13 09:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-13 09:52 - 2013-06-29 15:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-13 09:51 - 2014-08-13 09:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-08-13 09:51 - 2013-09-05 00:37 - 00000000 ____D () C:\Users\Jon\Desktop\MISC
2014-08-13 09:50 - 2014-08-13 09:50 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-08-13 09:50 - 2014-01-08 09:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-13 09:49 - 2014-08-13 09:49 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-08-13 09:45 - 2014-08-13 09:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-08-13 09:45 - 2014-08-13 09:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-08-12 16:00 - 2014-08-12 16:00 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (2).xls
2014-08-10 00:50 - 2014-08-10 00:50 - 00051035 _____ () C:\Users\Jon\Downloads\[kickass.to]bigmouthfuls.13.09.30.dillion.carter.xxx.720p.mp4.ktr.torrent
2014-08-09 21:09 - 2014-08-09 21:08 - 08546739 _____ () C:\Users\Jon\Downloads\the hot selling catalog.xlsx
2014-08-09 10:29 - 2013-10-18 09:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 01:45 - 2014-08-03 23:26 - 03949568 _____ () C:\Users\Jon\Desktop\Witshine.xls
2014-08-08 23:55 - 2014-08-08 23:55 - 00138219 _____ () C:\Users\Jon\Downloads\[kickass.to]adobe.photoshop.cs6.13.0.1.extended.final.multilanguage.cracked.dll.chingliu.torrent
2014-08-08 10:24 - 2014-08-08 10:24 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08 (1).xls
2014-08-08 10:21 - 2014-08-08 10:20 - 00026624 _____ () C:\Users\Jon\Downloads\PIsunny140808-08.xls
2014-08-07 14:24 - 2014-07-31 22:22 - 00000000 ____D () C:\Program Files (x86)\alipay
2014-08-07 10:06 - 2014-08-15 14:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 10:01 - 2014-08-15 14:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4.torrent
2014-08-06 16:34 - 2014-08-06 16:34 - 00013047 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e04.hdtv.x264.asap.mp4 (1).torrent
2014-08-06 10:24 - 2014-08-01 23:54 - 00000000 ____D () C:\Users\Jon\AppData\Local\alipay
2014-08-06 10:20 - 2014-08-06 10:20 - 00035832 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-08-05 00:35 - 2014-08-05 00:35 - 00096256 _____ () C:\Users\Jon\Desktop\PI-US-Jon 140805 191usd Aspire Sample.xls
2014-08-04 09:57 - 2014-04-10 00:50 - 00000000 ____D () C:\Windows\rescache
2014-08-03 17:23 - 2014-05-25 17:06 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-08-03 17:23 - 2013-10-27 15:53 - 00000000 ____D () C:\Users\Jon\Downloads\Zipper-BitTorrent-a
2014-08-03 16:49 - 2014-08-03 16:49 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0
2014-08-03 16:49 - 2014-08-03 16:49 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46
2014-08-03 16:49 - 2014-08-03 16:49 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com
2014-08-03 16:49 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-03 16:47 - 2014-08-03 16:47 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-03 16:47 - 2014-08-03 16:47 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-03 16:46 - 2014-08-03 16:45 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Jon\Downloads\SUPERAntiSpyware.exe
2014-08-03 10:01 - 2014-08-02 23:43 - 00000000 ____D () C:\Users\Jon\Desktop\K1 Pictures and relationship evidence
2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\Users\Jon\AppData\Local\Skype
2014-08-03 01:01 - 2014-08-03 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 01:01 - 2013-10-18 09:09 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 00:56 - 2014-08-03 00:56 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Jon\Downloads\SkypeSetup(1).exe
2014-08-03 00:47 - 2014-08-03 00:37 - 00000000 ____D () C:\Users\Jon\Desktop\Photo Book
2014-08-02 18:13 - 2014-08-02 18:12 - 00563731 _____ () C:\Users\Jon\Downloads\install.exe
2014-08-02 00:51 - 2013-07-10 23:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-01 23:54 - 2014-08-01 23:54 - 00000000 ____D () C:\alipay
2014-08-01 23:54 - 2014-07-10 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 07:41 - 2014-08-15 14:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 07:16 - 2014-08-15 14:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 22:33 - 2014-07-31 22:33 - 00043441 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e05.720p.hdtv.x264.killers.eztv.torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv.torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00041758 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e06.720p.hdtv.x264.immerse.eztv (1).torrent
2014-07-31 22:33 - 2014-07-31 22:33 - 00012815 _____ () C:\Users\Jon\Downloads\[kickass.to]falling.skies.s04e04.hdtv.x264.killers.eztv (1).torrent
2014-07-31 22:31 - 2014-07-31 22:31 - 00012927 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e03.hdtv.x264.asap.mp4.torrent
2014-07-31 22:30 - 2014-07-31 22:30 - 00023838 _____ () C:\Users\Jon\Downloads\[kickass.to]ray.donovan.s02e02.hdtv.x264.asap.ettv.torrent
2014-07-31 22:25 - 2014-07-31 22:25 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\alipay
2014-07-31 22:22 - 2014-07-31 22:22 - 00001078 _____ () C:\Users\Jon\AppData\Roaming\base64.cer
2014-07-31 22:21 - 2014-07-31 22:21 - 04151744 _____ () C:\Users\Jon\Downloads\aliedit.exe
2014-07-31 18:24 - 2014-07-31 18:23 - 01276520 _____ () C:\Windows\Minidump\073114-39889-01.dmp
2014-07-31 18:23 - 2013-07-15 06:59 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 10:52 - 2014-07-31 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 10:05 - 2014-07-31 10:05 - 00000000 ____D () C:\Users\Jon\AppData\Local\Packages
2014-07-31 09:45 - 2014-07-10 22:13 - 00000000 ____D () C:\ProgramData\374311380
2014-07-31 01:48 - 2014-07-31 01:48 - 00011593 _____ () C:\Users\Jon\Downloads\[JSU发布组] RKI-111无码流出修复版 京香julia.torrent
2014-07-30 20:33 - 2014-07-30 20:32 - 01267168 _____ () C:\Windows\Minidump\073014-41371-01.dmp
2014-07-29 21:08 - 2014-07-29 21:08 - 01219768 _____ () C:\Windows\Minidump\072914-36644-01.dmp
2014-07-29 16:45 - 2014-07-29 16:44 - 01212840 _____ () C:\Windows\Minidump\072914-37377-01.dmp
2014-07-28 21:43 - 2014-07-28 19:07 - 00000000 ____D () C:\Users\Jon\Desktop\Taobao
2014-07-28 21:11 - 2013-11-03 09:15 - 00000000 ____D () C:\Users\Jon\Documents\Tencent Files
2014-07-28 16:47 - 2014-07-28 16:47 - 01259800 _____ () C:\Windows\Minidump\072814-27690-01.dmp
2014-07-27 14:40 - 2014-07-27 14:39 - 01216552 _____ () C:\Windows\Minidump\072714-38781-01.dmp
2014-07-26 23:19 - 2014-07-26 23:19 - 20463341 _____ () C:\Users\Jon\Downloads\product catalog1.rar
2014-07-26 17:34 - 2014-07-26 17:33 - 01262768 _____ () C:\Windows\Minidump\072614-58547-01.dmp
2014-07-26 14:33 - 2014-07-26 14:32 - 01276720 _____ () C:\Windows\Minidump\072614-69810-01.dmp
2014-07-26 14:32 - 2013-07-13 09:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 14:32 - 2013-07-13 09:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 23:22 - 2013-07-13 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 22:52 - 2014-08-15 14:10 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 22:02 - 2014-08-15 14:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 22:01 - 2014-08-15 14:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 21:51 - 2014-08-15 14:10 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 21:30 - 2014-08-15 14:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 21:28 - 2014-08-15 14:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 21:28 - 2014-08-15 14:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 21:25 - 2014-08-15 14:10 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 21:25 - 2014-08-15 14:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 21:11 - 2014-08-15 14:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 21:10 - 2014-08-15 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 21:04 - 2014-08-15 14:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 21:03 - 2014-08-15 14:10 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 21:00 - 2014-08-15 14:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 21:00 - 2014-08-15 14:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 20:59 - 2014-08-15 14:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 20:47 - 2014-08-15 14:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 20:40 - 2014-08-15 14:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 20:34 - 2014-08-15 14:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 20:34 - 2014-08-15 14:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 20:33 - 2014-08-15 14:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 20:30 - 2014-08-15 14:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 20:28 - 2014-08-15 14:10 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 20:28 - 2014-08-15 14:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 20:21 - 2014-08-15 14:10 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 20:19 - 2014-08-15 14:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 20:18 - 2014-08-15 14:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 20:17 - 2014-08-15 14:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 20:17 - 2014-08-15 14:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 20:12 - 2014-08-15 14:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 20:10 - 2014-08-15 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 20:10 - 2014-08-15 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 20:08 - 2014-08-15 14:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 20:06 - 2014-08-15 14:10 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 19:52 - 2014-08-15 14:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 19:47 - 2014-08-15 14:10 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 19:43 - 2014-08-15 14:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 19:42 - 2014-08-15 14:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 19:39 - 2014-08-15 14:10 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 19:39 - 2014-08-15 14:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 19:36 - 2014-08-15 14:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 19:34 - 2014-08-15 14:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 19:29 - 2014-08-15 14:10 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 19:23 - 2014-08-15 14:10 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 19:13 - 2014-08-15 14:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 19:07 - 2014-08-15 14:10 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 19:07 - 2014-08-15 14:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 19:03 - 2014-08-15 14:10 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 18:52 - 2014-08-15 14:10 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 18:26 - 2014-08-15 14:10 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 18:17 - 2014-08-15 14:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 18:09 - 2014-08-15 14:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 18:05 - 2014-08-15 14:10 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 18:00 - 2014-08-15 14:10 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 00:39 - 2009-07-14 13:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 15:50 - 2014-07-22 15:50 - 00767456 _____ () C:\Windows\Minidump\072214-46878-01.dmp
2014-07-22 00:46 - 2014-07-20 23:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-22 00:46 - 2013-06-29 14:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-22 00:46 - 2013-06-29 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-20 23:27 - 2014-07-20 23:27 - 00000000 ____D () C:\Users\Jon\AppData\Local\Macromedia
2014-07-20 22:24 - 2014-07-20 22:23 - 00000000 ____D () C:\Users\Sophia\AppData\Roaming\Mozilla
2014-07-20 22:24 - 2014-07-20 22:23 - 00000000 ____D () C:\Users\Sophia\AppData\Local\Mozilla
2014-07-20 17:18 - 2014-07-20 17:18 - 00008301 _____ () C:\Users\Jon\Downloads\[kickass.to]lorde.everybody.wants.to.rule.the.world.mp3.torrent
2014-07-20 06:16 - 2014-07-20 06:16 - 01192032 _____ () C:\Windows\Minidump\072014-58391-01.dmp
2014-07-20 02:24 - 2014-07-20 02:24 - 00011514 _____ () C:\Users\Jon\Downloads\[kickass.to]under.the.dome.s02e03.hdtv.x264.lol.eztv.torrent
2014-07-20 02:22 - 2014-07-20 02:22 - 00012871 _____ () C:\Users\Jon\Downloads\[kickass.to]the.last.ship.s01e04.hdtv.x264.lol.eztv (1).torrent
2014-07-19 12:12 - 2014-07-18 21:25 - 00013106 ____H () C:\Users\Jon\Desktop\~WRL0915.tmp
2014-07-19 11:40 - 2014-07-19 11:40 - 01262480 _____ () C:\Windows\Minidump\071914-55551-01.dmp
2014-07-18 23:52 - 2014-07-18 23:52 - 00015673 _____ () C:\Users\Jon\Downloads\[kickass.to]the.amazing.spider.man.2.2014.korsub.720p.webrip.x264.aac.jyk.torrent
 
Files to move or delete:
====================
C:\Users\Jon\.exe
 
 
Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfpvmx.dll
C:\Users\Jon\AppData\Local\Temp\exthelper.exe
C:\Users\Jon\AppData\Local\Temp\qqsafeud.exe
C:\Users\Jon\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-09 15:25
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Jon at 2014-08-17 09:21:28
Running from C:\Users\Jon\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heritage Sports 8.2 (HKLM-x32\...\Heritage Sports 8.2) (Version: 8.2.12.201405261500 - Heritage Sports)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.00.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Media Player Codec Pack 4.3.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.1 - Media Player Codec Pack) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Soda PDF 3D Reader (HKLM-x32\...\{025C48E1-4695-4F49-906E-EBABCD54EA51}) (Version: 5.0.30.11889 - LULU Software Limited)
Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.3.4.5 - Black Oak Computers, Inc)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1108 - SUPERAntiSpyware.com)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.0 - Synaptics Incorporated)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wmaiper (x32 Version: 012.000.1456 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.0.16.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1522901231-1283582495-1218869647-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-08-2014 21:33:58 Scheduled Checkpoint
16-08-2014 01:26:10 Windows Update
16-08-2014 01:53:58 Removed SearchMe Toolbar v9.6.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-05-27 11:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2D195409-D940-438B-A18B-6DCF2DF62DA1} - System32\Tasks\AdobeAAMUpdater-1.0-Jon-PC-Jon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {3029194F-846D-447D-9A60-A5E220E3A22C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {4D6CF6E3-E260-488B-960A-5C3CD5E00E29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {4FFF1F34-75B4-4F14-8A0A-121BF420D8C9} - System32\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {5238D458-DE1F-4F6D-8C95-D7661E3E34AB} - System32\Tasks\{BE250B3D-1BA8-4F0D-8A93-6517B819C0B6} => Chrome.exe http://ui.skype.com/...all?page=tsBing
Task: {62C77413-2950-4FB8-B240-05E9B02A1C92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {861BC50B-BD8F-48D9-824E-87EB0359F0D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {906EEAFE-31AA-4F4A-A5D2-B6F040EDA454} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {92DD13DA-90D6-4E6F-B4AF-8DC50BB1E3E5} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2014-06-06] ()
Task: {9FF3CCC0-6EC9-417F-B529-1A4F494954CA} - System32\Tasks\{B680D048-EB80-4D64-9692-A5F4716B6286} => Chrome.exe http://ui.skype.com/...all?page=tsMain
Task: {A1DEFA4E-A9FD-47C1-9868-4A42A089E8F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
Task: {A36F6B53-373D-4A54-B43C-25A72D074126} - System32\Tasks\{47AD3B7B-2D15-43E8-A462-5D1E7232B880} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {B0DDDB04-0CF0-44E3-9C3B-C6907FFC81A8} - System32\Tasks\{2EA402E7-B890-4C3A-9798-0738E41CDAFB} => Chrome.exe http://ui.skype.com/...all?page=tsMain
Task: {B551F808-F4AD-463E-A5C5-4AD63E03E1E7} - System32\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {CED6F9E9-8D94-4899-A97F-B2B6580E735A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {D3E7A6A7-90A0-4A02-852A-B08E5FE9A839} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {F48D7409-85CB-4BAD-83BA-402DB224A8C2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e1c51ca0-b81d-40f6-9aa9-e93ff12c5b46.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e207ba27-dd01-4152-a69d-1947ee1d0ec0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 12:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00085664 _____ () C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
2013-06-29 14:53 - 2013-01-18 23:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-12 10:37 - 2014-05-21 00:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-29 14:55 - 2012-01-27 10:49 - 02751808 ____N () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-06-29 16:03 - 2012-02-15 01:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00064672 _____ () C:\Program Files (x86)\Microsoft Device Health\Collectors\system_collector.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00023200 _____ () C:\Program Files (x86)\Microsoft Device Health\Collectors\user_collector.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00020640 _____ () C:\Program Files (x86)\Microsoft Device Health\Actuators\win_update_actuator.dll
2014-08-17 09:12 - 2014-08-17 09:12 - 00043008 _____ () c:\users\jon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfpvmx.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\Jon\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-20 03:23 - 2014-07-15 17:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 03:23 - 2014-07-15 17:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 03:23 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 03:23 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 03:23 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-02-28 16:51 - 2014-02-28 16:51 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e0cca00b42165c0b882a7ef23368c6ac\PSIClient.ni.dll
2013-06-29 14:38 - 2012-02-02 06:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\Windows\pss\NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlienwareOn-ScreenDisplay => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Command Center Controllers => "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sound Blaster Recon3Di Control Panel => "c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: StrongVPN Client => "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: uTorrent => "C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2014 09:13:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.2.32126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6b0
 
Start Time: 01cfb9b82a8e0d07
 
Termination Time: 14
 
Application Path: C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe
 
Report Id: a1361652-25ab-11e4-8247-b90948f4e8f7
 
Error: (08/17/2014 09:10:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2014 01:39:45 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={17B18D64-9AAD-4555-A687-810E9B270415}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:38:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={05759DB9-D6FD-4400-8CD8-2340D38632EC}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:37:33 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9E89E653-7818-4DA3-91CC-CD100BC5378C}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:36:27 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={53BC09E9-FA2C-4936-B843-42C90D543D58}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:35:21 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={46976D27-F1C9-4741-8362-5F337D217AC4}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:34:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={21105392-C52F-45D0-9FD8-213F311FAEE6}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:33:09 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5C210B7C-5830-4346-8EFE-C7319C5780AB}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
Error: (08/17/2014 01:32:03 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B4D37B11-FCCF-4A72-BE89-72BFA87CD193}: The user Jon-PC\Jon dialed a connection named StrongVPN - 309053-L2TP which has failed. The error code returned on failure is 789.
 
 
System errors:
=============
Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:57 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:41 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:41 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:33 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
Error: (08/17/2014 09:21:31 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.
 
 
Microsoft Office Sessions:
=========================
Error: (08/17/2014 09:13:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.2.321266b001cfb9b82a8e0d0714C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exea1361652-25ab-11e4-8247-b90948f4e8f7
 
Error: (08/17/2014 09:10:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2014 01:39:45 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {17B18D64-9AAD-4555-A687-810E9B270415}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:38:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {05759DB9-D6FD-4400-8CD8-2340D38632EC}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:37:33 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {9E89E653-7818-4DA3-91CC-CD100BC5378C}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:36:27 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {53BC09E9-FA2C-4936-B843-42C90D543D58}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:35:21 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {46976D27-F1C9-4741-8362-5F337D217AC4}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:34:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {21105392-C52F-45D0-9FD8-213F311FAEE6}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:33:09 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {5C210B7C-5830-4346-8EFE-C7319C5780AB}Jon-PC\JonStrongVPN - 309053-L2TP789
 
Error: (08/17/2014 01:32:03 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {B4D37B11-FCCF-4A72-BE89-72BFA87CD193}Jon-PC\JonStrongVPN - 309053-L2TP789
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-27 11:23:08.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-27 11:23:08.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3740QM CPU @ 2.70GHz
Percentage of memory in use: 41%
Total physical RAM: 8074.31 MB
Available physical RAM: 4692.05 MB
Total Pagefile: 16146.8 MB
Available Pagefile: 12662.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.1 GB) (Free:22.71 GB) NTFS
Drive e: (DATAPART2) (Fixed) (Total:59.62 GB) (Free:59.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8443CBBC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8443CF76)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 8443CF64)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-17 09:26:18
-----------------------------
09:26:18.149    OS Version: Windows x64 6.1.7601 Service Pack 1
09:26:18.149    Number of processors: 8 586 0x3A09
09:26:18.150    ComputerName: JON-PC  UserName: Jon
09:26:19.580    Initialize success
09:26:19.619    VM: initialized successfully
09:26:19.684    VM: Intel CPU supported 
09:26:26.013    VM: disk I/O iaStorA.sys
09:26:43.094    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a2
09:26:43.098    Disk 0 Vendor: ATA_____ A500 Size: 476940MB BusType: 8
09:26:43.103    Disk 1  \Device\Harddisk1\DR1 -> \Device\000000a3
09:26:43.108    Disk 1 Vendor: ATA_____ A500 Size: 476940MB BusType: 8
09:26:43.113    Disk 2  \Device\Harddisk2\DR2 -> \Device\000000a5
09:26:43.118    Disk 2 Vendor: ATA_____ 3D1Q Size: 61057MB BusType: 8
09:26:43.234    Disk 0 MBR read error 0
09:26:43.240    Disk 0 MBR scan
09:26:43.246    Disk 0 unknown MBR code
09:26:43.252    MBR BIOS signature not found 0
09:26:43.499    Disk 0 scanning C:\Windows\system32\drivers
09:26:49.160    Service scanning
09:27:03.785    Modules scanning
09:27:03.795    Disk 0 trace - called modules:
09:27:03.841    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
09:27:03.849    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800844c790]
09:27:03.856    3 CLASSPNP.SYS[fffff880017a643f] -> nt!IofCallDriver -> [0xfffffa8008394a90]
09:27:03.863    5 iaStorF.sys[fffff880019a39a0] -> nt!IofCallDriver -> \Device\000000a2[0xfffffa8007dc79c0]
09:27:03.872    Scan finished successfully
09:27:14.727    Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"
09:27:14.736    The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"
 
 
 
 

  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

HI :)



warning.gif P2P warning!

  • uTorrent

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this. In case of leaving it installed, please refrain from using it while we're cleaning your machine


JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#5
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Still with me?
  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP