Url:mal threats detected


  • This topic is locked

#16
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, cookie88.

Please, do the following steps and tell me if you still have any problems with your computer after doing them:

Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content
  • Please tell me if you still have problems with your computer

  • 0



#17
cookie88

    Member

  • Topic Starter
  • 15 posts

Hi Nevan, my browser re-directed to a download7.file-mirror.org site during the eset scan. Prompting me to update chrome.

 

Ok here goes. 

 

First, the malware bytes scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/01/2015
Scan Time: 19:14:32
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.09
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lea
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413620
Time Elapsed: 49 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Now the Eset Scan:
 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9bc3043ccaffc14d9b0f5e830b768a1b
# engine=22007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-16 11:06:25
# local_time=2015-01-16 11:06:25 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 625591 22487883 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21914 173914635 0 0
# scanned=231674
# found=17
# cleaned=0
# scan_time=10056
sh=D96D97E840D48EB6110DFBC3DEF62FF7D28F3A77 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgncahigkdindkbkjmilfnlggeckgdbf\2.0\content.js.vir"
sh=5B99A96B5E3CDA7F028F1698C9F3F80985912CE6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgncahigkdindkbkjmilfnlggeckgdbf\2.0\SY38fnmTmv.js.vir"
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan" ac=I fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan" ac=I fn="C:\ProgramData\Optimizer\program\winapp_Test002.exe"
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan" ac=I fn="C:\Users\All Users\Optimizer\program\winapp_Test002.exe"
sh=D96D97E840D48EB6110DFBC3DEF62FF7D28F3A77 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb\213\content.js"
sh=48CD0B41BF57CC05B32A958F10CED70A9BE114FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb\213\l.js"
sh=2337A9C1B17E72F4C4B5807C1F7098661E49B980 ft=1 fh=abbd31e3ba80409a vn="Win32/AnyProtect.E potentially unwanted application" ac=I fn="C:\Users\Lea\AppData\Local\nsfD6D0.tmp"
sh=15ADD579897251026AE1133818363480768EEBC1 ft=1 fh=9b8d06038107cbc2 vn="Win32/VOPackage.BC potentially unwanted application" ac=I fn="C:\Users\Lea\AppData\Local\nso9061.tmp"
sh=D3C566EA11BBF03DA33CE8C5E59A4ACB5219A190 ft=1 fh=d9747a39caf62997 vn="Win32/VOPackage.BC potentially unwanted application" ac=I fn="C:\Users\Lea\AppData\Local\nstEB99.tmp"
sh=9C8C4C6936D9DA45ECC9665A7594E1CE9C4F7944 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\utorrentcontrol2.jar"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Lea\Downloads\cbsidlm-cbsi145-Samsung_Mobile_Phone_Recovery_Pro-ORG-75962265.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Lea\Downloads\ccsetup413.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Lea\Downloads\ccsetup501.exe"
sh=6781851EE5C02854F2FB2234AE75BCA7AC974D4C ft=1 fh=fe8cc7abe52fbed9 vn="a variant of Win32/InstallCore.UW potentially unwanted application" ac=I fn="C:\Users\Lea\Downloads\Unconfirmed 161353.crdownload"
sh=6781851EE5C02854F2FB2234AE75BCA7AC974D4C ft=1 fh=fe8cc7abe52fbed9 vn="a variant of Win32/InstallCore.UW potentially unwanted application" ac=I fn="C:\Users\Lea\Downloads\Unconfirmed 85071.crdownload"
sh=6781851EE5C02854F2FB2234AE75BCA7AC974D4C ft=1 fh=fe8cc7abe52fbed9 vn="a variant of Win32/InstallCore.UW potentially unwanted application" ac=I fn="C:\Users\Lea\Downloads\Unconfirmed 994222.crdownload"
 
Security check log:
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.257  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 

  • 0
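The ESET log in the post above has a regular line shape, so it can be triaged mechanically before any removal list is written. This Python parser is an added example, not part of the thread or of any tool named in it; the field meanings (`sh` as the file's SHA-1, `vn` as the detection name, `fn` as the path), the treatment of `.vir` files under a `Quarantine` folder as already-quarantined copies, and every value in the sample input are assumptions or constructed data.

```python
import re
from collections import defaultdict

# Field meanings are inferred from the log in the thread, not from ESET
# documentation: sh = SHA-1 of the file, vn = detection name, fn = file path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)
HEADER_RE = re.compile(r'^# (?P<key>[\w.]+)=(?P<value>.*)$')

# Longest suffix first, so a PUA is not filed under the bare "application".
CATEGORIES = (
    ("potentially unwanted application", "pua"),
    ("potentially unsafe application", "unsafe"),
    ("trojan", "trojan"),
    ("application", "application"),
)


def classify(name):
    """Map the trailing words of an ESET detection name to a short label."""
    for suffix, label in CATEGORIES:
        if name.endswith(suffix):
            return label
    return "other"


def parse_eset_log(text):
    """Return (header, detections, unparsed) for a pasted log."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["category"] = classify(d["name"])
            low = d["path"].lower()
            # Assumption: a *.vir file below a Quarantine folder is an inert,
            # already-quarantined copy rather than a live file.
            d["quarantined"] = "\\quarantine\\" in low and low.endswith(".vir")
            detections.append(d)
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]  # repeated keys: last one wins
        else:
            unparsed.append(line)
    return header, detections, unparsed


def triage(text):
    """Summarise a log: consistency checks, live paths, duplicate files."""
    header, detections, unparsed = parse_eset_log(text)
    live, by_hash = defaultdict(list), defaultdict(list)
    for d in detections:
        by_hash[d["sha1"].upper()].append(d["path"])
        if not d["quarantined"]:
            live[d["category"]].append(d["path"])
    return {
        # A mismatch with the scanner's own count means a truncated paste.
        "count_matches_header": header.get("found") == str(len(detections)),
        # Scan ran in report-only mode and cleaned nothing itself.
        "nothing_removed": header.get("remove_checked") == "false"
        and header.get("cleaned") == "0",
        "live_by_category": {c: sorted(p) for c, p in live.items()},
        # One hash at several paths: the same file reached through two routes.
        "same_file_multiple_paths": {h: p for h, p in by_hash.items() if len(p) > 1},
        "quarantined_paths": [d["path"] for d in detections if d["quarantined"]],
        "unparsed": unparsed,
    }


def row(sha1, ft, name, path):
    """Build one constructed detection line in the shape seen in the thread."""
    return f'sh={sha1} ft={ft} fh=0000000000000000 vn="{name}" ac=I fn="{path}"'


# Constructed sample: placeholder hashes, invented detection names and paths.
H1, H2, H3 = "1" * 40, "2" * 40, "3" * 40
SAMPLE_LOG = "\n".join([
    "all ok",
    "# product=EOS",
    "# remove_checked=false",
    "# found=5",
    "# cleaned=0",
    row(H1, 0, "JS/Example.A application",
        r"C:\AdwCleaner\Quarantine\C\Users\demo\ext\content.js.vir"),
    row(H1, 0, "JS/Example.A application", r"C:\Users\demo\ext\content.js"),
    row(H2, 1, "a variant of Win32/Example.B trojan",
        r"C:\ProgramData\DemoApp\demo.exe"),
    row(H2, 1, "a variant of Win32/Example.B trojan",
        r"C:\Users\All Users\DemoApp\demo.exe"),
    row(H3, 1, "Win32/Example.C potentially unwanted application",
        r"C:\Users\demo\Downloads\setup.exe"),
])

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=>", value)
```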

#18
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, cookie88.

Please, do the following fix and tell me if you still have these redirect problems after that:

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   897bytes   64 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
  • NOTE: Make sure that you reboot your computer after the fix if FRST won't do it.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Tell me if you still have these redirect problems

  • 0

#19
cookie88

    Member

  • Topic Starter
  • 15 posts

Hi Nevan,

 

I have not had my browser re-direct me to anything since, however, it took a few days for the re-directs to begin happening again last time.

 

I have had pop-ups on my desktop. One really random one asking me to update 7-zip. I've had 7-zip on my computer for a long time and hardly ever used it so I find it strange for a pop-up to just appear telling me to update it. Especially when I haven't loaded the programme first, to prompt it. 

 

I just clicked the close button.

 

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Lea at 2015-01-17 20:14:19 Run:4
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Program Files\Adware-Removal-Tool
C:\ProgramData\Optimizer
C:\Users\All Users\Optimizer
C:\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb
C:\Users\Lea\AppData\Local\nsfD6D0.tmp
C:\Users\Lea\AppData\Local\nso9061.tmp
C:\Users\Lea\AppData\Local\nstEB99.tmp
C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
C:\Users\Lea\Downloads\cbsidlm-cbsi145-Samsung_Mobile_Phone_Recovery_Pro-ORG-75962265.exe
C:\Users\Lea\Downloads\ccsetup413.exe
C:\Users\Lea\Downloads\ccsetup501.exe
C:\Users\Lea\Downloads\Unconfirmed 161353.crdownload
C:\Users\Lea\Downloads\Unconfirmed 85071.crdownload
C:\Users\Lea\Downloads\Unconfirmed 994222.crdownload
C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"C:\Program Files\Adware-Removal-Tool" => File/Directory not found.
"C:\ProgramData\Optimizer" => File/Directory not found.
"C:\Users\All Users\Optimizer" => File/Directory not found.
"C:\Users\Guest.Lea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb" => File/Directory not found.
"C:\Users\Lea\AppData\Local\nsfD6D0.tmp" => File/Directory not found.
"C:\Users\Lea\AppData\Local\nso9061.tmp" => File/Directory not found.
"C:\Users\Lea\AppData\Local\nstEB99.tmp" => File/Directory not found.
"C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}" => File/Directory not found.
"C:\Users\Lea\Downloads\cbsidlm-cbsi145-Samsung_Mobile_Phone_Recovery_Pro-ORG-75962265.exe" => File/Directory not found.
"C:\Users\Lea\Downloads\ccsetup413.exe" => File/Directory not found.
"C:\Users\Lea\Downloads\ccsetup501.exe" => File/Directory not found.
"C:\Users\Lea\Downloads\Unconfirmed 161353.crdownload" => File/Directory not found.
"C:\Users\Lea\Downloads\Unconfirmed 85071.crdownload" => File/Directory not found.
"C:\Users\Lea\Downloads\Unconfirmed 994222.crdownload" => File/Directory not found.
"C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}" => File/Directory not found.
EmptyTemp: => Removed 637.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:15:47 ====

  • 0

#20
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, cookie88.

I'll need a fresh look on the system.

Step #1
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
OTL Scan
  • Download OTL to your Desktop.
  • Right click OTL.exe and click Run as administrator.
  • Make sure all other windows are closed
  • Check Scan All Users and Include 64bit Scans at the top of the OTL window.
  • Make sure that the Output at the top is set to Standard Output
  • Check the boxes next to LOP Check and Purity Check
  • Make sure that Extra Registry section is set to Use SafeList
  • Do NOT change any other settings
  • Click the V1sfhWG.png button
  • Wait for OTL to finish the scan.
  • When the scan is done, a new OTL.txt and Extras.txt will be opened. If they won't, you should be able to find them at your desktop.
  • Select all (CTRL+A) the content of OTL.txt, copy it (CTRL+C) and paste (CTRL+V) it into your next reply. Do the same thing for Extras.txt.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • OTL.txt log content
  • Extras.txt log content

  • 0

#21
cookie88

    Member

  • Topic Starter
  • 15 posts

Ok Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lea (administrator) on LEA-PC on 20-01-2015 22:41:49
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DSGi) C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2642728 2011-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [ADAiO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe [2779136 2010-12-09] (DSGi)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ADAiO2StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Run: [Google Update] => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-06] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-826546569-3919575575-2117434215-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgasto...om/HomeVend.cab
DPF: HKLM-x32 {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronener...yBoxControl.cab
DPF: HKLM-x32 {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://bg.itronener...yboxControl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E731E39E-A891-4959-9E6D-1DC0D10BAA43}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/O1DPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-03]
CHR Extension: (YouTube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (Google Search) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]
CHR Extension: (Google Sheets) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]
CHR Extension: (Avast Online Security) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advent AIO Network Discovery Service; C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [361904 2011-10-14] (DSGi)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-21] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2013-12-13] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-21] ()
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-10] (Qualcomm Atheros)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-03] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-21] (Avast Software)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 20:02 - 2015-01-20 20:02 - 00091088 _____ () C:\Users\Lea\Downloads\Cleaner_January_2015.zip
2015-01-20 19:40 - 2015-01-20 19:40 - 00000197 _____ () C:\Windows\system32\2015-01-20-19-40-11.074-AvastVBoxSVC.exe-3672.log
2015-01-20 11:49 - 2015-01-20 11:49 - 00000197 _____ () C:\Windows\system32\2015-01-20-11-49-11.049-AvastVBoxSVC.exe-3756.log
2015-01-19 23:03 - 2015-01-19 23:04 - 00000197 _____ () C:\Windows\system32\2015-01-19-23-03-39.070-AvastVBoxSVC.exe-3480.log
2015-01-19 16:33 - 2015-01-19 16:33 - 00000197 _____ () C:\Windows\system32\2015-01-19-16-33-04.066-AvastVBoxSVC.exe-3384.log
2015-01-18 20:11 - 2015-01-18 20:11 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-11-25.018-AvastVBoxSVC.exe-3948.log
2015-01-17 21:24 - 2015-01-17 21:24 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-24-36.052-AvastVBoxSVC.exe-3664.log
2015-01-17 20:19 - 2015-01-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-19-25.097-AvastVBoxSVC.exe-3432.log
2015-01-17 20:17 - 2015-01-19 22:33 - 00000000 ____D () C:\ProgramData\Optimizer
2015-01-17 20:06 - 2015-01-17 20:06 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-06-18.019-AvastVBoxSVC.exe-3748.log
2015-01-16 23:15 - 2015-01-16 23:15 - 00852504 _____ () C:\Users\Lea\Downloads\SecurityCheck.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 02347384 _____ (ESET) C:\Users\Lea\Downloads\esetsmartinstaller_enu.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 20:13 - 2015-01-16 20:13 - 00001045 _____ () C:\Users\Lea\Desktop\mal.txt
2015-01-16 19:08 - 2015-01-16 19:08 - 00000197 _____ () C:\Windows\system32\2015-01-16-19-08-02.013-AvastVBoxSVC.exe-3400.log
2015-01-16 16:56 - 2015-01-16 16:56 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-56-53.083-AvastVBoxSVC.exe-3548.log
2015-01-15 21:59 - 2015-01-15 21:59 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-59-07.040-AvastVBoxSVC.exe-3816.log
2015-01-15 21:46 - 2015-01-15 21:46 - 00005308 _____ () C:\Users\Lea\Desktop\JRT.txt
2015-01-15 21:41 - 2015-01-15 21:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 21:39 - 2015-01-15 21:39 - 01707939 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2015-01-15 21:36 - 2015-01-15 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-36-15.032-AvastVBoxSVC.exe-3524.log
2015-01-15 20:25 - 2015-01-15 20:25 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-25-13.041-AvastVBoxSVC.exe-3608.log
2015-01-14 22:29 - 2015-01-14 22:29 - 00000197 _____ () C:\Windows\system32\2015-01-14-22-29-40.079-AvastVBoxSVC.exe-3460.log
2015-01-14 00:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:19 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:19 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:19 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:19 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:19 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 00:07 - 2015-01-14 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-00-07-35.034-AvastVBoxSVC.exe-3536.log
2015-01-13 00:07 - 2015-01-13 00:07 - 00000197 _____ () C:\Windows\system32\2015-01-13-00-07-20.079-AvastVBoxSVC.exe-3204.log
2015-01-12 20:13 - 2015-01-12 20:14 - 00000197 _____ () C:\Windows\system32\2015-01-12-20-13-41.026-AvastVBoxSVC.exe-3748.log
2015-01-11 23:13 - 2015-01-11 23:15 - 00000000 ____D () C:\Users\Lea\Desktop\MATHS
2015-01-11 22:18 - 2015-01-11 22:18 - 00087552 _____ () C:\Users\Lea\Downloads\MOLE Lesson 2 Factors and Multiples.pptx
2015-01-11 22:10 - 2015-01-11 22:10 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup.exe
2015-01-11 22:01 - 2015-01-11 22:01 - 00000197 _____ () C:\Windows\system32\2015-01-11-22-01-45.062-AvastVBoxSVC.exe-3508.log
2015-01-11 16:35 - 2015-01-11 16:35 - 00000197 _____ () C:\Windows\system32\2015-01-11-16-35-20.068-AvastVBoxSVC.exe-3764.log
2015-01-10 13:11 - 2015-01-10 13:12 - 00000197 _____ () C:\Windows\system32\2015-01-10-13-11-55.049-AvastVBoxSVC.exe-3248.log
2015-01-09 21:41 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-41-47.019-aswFe.exe-6996.log
2015-01-09 21:35 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-35-04.007-aswFe.exe-852.log
2015-01-09 21:34 - 2015-01-09 21:35 - 00000197 _____ () C:\Windows\system32\2015-01-09-21-34-55.065-AvastVBoxSVC.exe-3728.log
2015-01-09 16:55 - 2015-01-09 16:55 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 16:55 - 2014-12-21 17:28 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 16:49 - 2015-01-09 16:49 - 00000197 _____ () C:\Windows\system32\2015-01-09-16-49-43.013-AvastVBoxSVC.exe-4176.log
2015-01-09 00:11 - 2015-01-09 00:11 - 00421431 _____ () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi.html
2015-01-09 00:11 - 2015-01-09 00:11 - 00000000 ____D () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi_files
2015-01-08 18:44 - 2015-01-08 18:44 - 00000197 _____ () C:\Windows\system32\2015-01-08-18-44-52.064-AvastVBoxSVC.exe-3692.log
2015-01-08 14:26 - 2015-01-08 14:26 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-26-00.057-AvastVBoxSVC.exe-3588.log
2015-01-06 19:51 - 2015-01-06 19:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-51-05.043-AvastVBoxSVC.exe-4052.log
2015-01-06 19:05 - 2015-01-06 19:06 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-05-41.058-AvastVBoxSVC.exe-4068.log
2015-01-06 16:40 - 2015-01-06 16:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-16-40-12.035-AvastVBoxSVC.exe-4012.log
2015-01-05 22:51 - 2015-01-05 22:52 - 00000197 _____ () C:\Windows\system32\2015-01-05-22-51-31.051-AvastVBoxSVC.exe-3912.log
2015-01-04 21:14 - 2015-01-04 21:14 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-14-40.016-AvastVBoxSVC.exe-3936.log
2015-01-04 21:07 - 2015-01-04 21:07 - 02173952 _____ () C:\Users\Lea\Downloads\AdwCleaner (1).exe
2015-01-04 21:05 - 2015-01-04 21:06 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-05-54.018-AvastVBoxSVC.exe-6704.log
2015-01-04 20:56 - 2015-01-20 22:41 - 00000000 ____D () C:\Users\Lea\Desktop\FRST-OlderVersion
2015-01-04 20:53 - 2015-01-04 20:54 - 00006062 _____ () C:\Users\Lea\Downloads\fixlist.txt
2015-01-04 14:00 - 2015-01-04 14:00 - 00000197 _____ () C:\Windows\system32\2015-01-04-14-00-02.055-AvastVBoxSVC.exe-4036.log
2015-01-04 13:57 - 2015-01-04 13:57 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2015-01-04 01:19 - 2015-01-04 01:19 - 00000533 _____ () C:\Users\Lea\NY - Res.txt
2015-01-04 01:02 - 2015-01-04 01:02 - 00000197 _____ () C:\Windows\system32\2015-01-04-01-02-37.044-AvastVBoxSVC.exe-3576.log
2015-01-03 16:59 - 2015-01-03 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-16-59-56.039-AvastVBoxSVC.exe-3600.log
2015-01-03 14:57 - 2015-01-03 14:57 - 00000197 _____ () C:\Windows\system32\2015-01-03-14-57-42.064-AvastVBoxSVC.exe-3696.log
2015-01-03 13:31 - 2015-01-03 13:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-03 13:30 - 2015-01-03 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-03 13:27 - 2015-01-03 13:27 - 00638888 _____ (Oracle Corporation) C:\Users\Lea\Downloads\chromeinstall-8u25.exe
2015-01-03 02:13 - 2015-01-03 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-03 02:12 - 2015-01-16 20:12 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-03 02:11 - 2015-01-03 02:11 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (7).exe
2015-01-03 02:02 - 2015-01-03 02:02 - 00003466 _____ () C:\Windows\system32\.crusader
2015-01-03 01:46 - 2015-01-03 02:06 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-03 01:45 - 2015-01-03 01:45 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 01:44 - 2015-01-03 02:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-03 01:44 - 2015-01-03 01:44 - 11222744 _____ (SurfRight B.V.) C:\Users\Lea\Downloads\HitmanPro_x64.exe
2015-01-03 01:02 - 2015-01-03 01:02 - 00000247 _____ () C:\Windows\system32\2015-01-03-01-02-14.091-aswFe.exe-5524.log
2015-01-03 01:00 - 2015-01-03 01:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-00-29.055-AvastVBoxSVC.exe-6400.log
2015-01-03 00:47 - 2015-01-15 21:55 - 00000000 ____D () C:\AdwCleaner
2015-01-03 00:47 - 2015-01-03 00:47 - 00000247 _____ () C:\Windows\system32\2015-01-03-00-47-54.062-aswFe.exe-4452.log
2015-01-03 00:47 - 2015-01-03 00:47 - 00000197 _____ () C:\Windows\system32\2015-01-03-00-47-10.086-AvastVBoxSVC.exe-3912.log
2015-01-03 00:46 - 2015-01-03 00:47 - 02173952 _____ () C:\Users\Lea\Desktop\AdwCleaner.exe
2015-01-02 23:50 - 2015-01-02 23:50 - 00000247 _____ () C:\Windows\system32\2015-01-02-23-50-19.032-aswFe.exe-6384.log
2015-01-02 23:49 - 2015-01-02 23:50 - 00000197 _____ () C:\Windows\system32\2015-01-02-23-49-56.013-AvastVBoxSVC.exe-2016.log
2015-01-02 16:12 - 2015-01-02 16:12 - 00000197 _____ () C:\Windows\system32\2015-01-02-16-12-14.014-AvastVBoxSVC.exe-3696.log
2015-01-01 21:36 - 2015-01-15 22:03 - 00028607 _____ () C:\Users\Lea\Desktop\Addition.txt
2015-01-01 21:34 - 2015-01-20 22:42 - 00023480 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-01 20:50 - 2015-01-01 20:50 - 00000197 _____ () C:\Windows\system32\2015-01-01-20-50-06.010-AvastVBoxSVC.exe-3132.log
2015-01-01 01:23 - 2015-01-01 01:24 - 00000197 _____ () C:\Windows\system32\2015-01-01-01-23-42.070-AvastVBoxSVC.exe-4120.log
2014-12-31 14:19 - 2014-12-31 14:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-19-37.047-AvastVBoxSVC.exe-3712.log
2014-12-31 13:54 - 2015-01-02 17:11 - 00000415 _____ () C:\Users\Lea\Downloads\ckfiles.txt
2014-12-31 13:48 - 2014-12-31 13:48 - 00468480 _____ () C:\Users\Lea\Downloads\CKScanner.exe
2014-12-31 13:44 - 2014-12-31 13:44 - 00000197 _____ () C:\Windows\system32\2014-12-31-13-44-29.034-AvastVBoxSVC.exe-3236.log
2014-12-30 22:07 - 2014-12-30 22:07 - 02123264 _____ (Farbar) C:\Users\Lea\Downloads\FRST64 (1).exe
2014-12-30 20:54 - 2014-12-30 20:54 - 00110166 _____ () C:\Users\Lea\Documents\OTL.Txt
2014-12-30 20:40 - 2014-12-30 20:40 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (2).exe
2014-12-30 20:35 - 2014-12-30 20:35 - 00108978 _____ () C:\Users\Lea\Downloads\Extras.Txt
2014-12-30 20:32 - 2014-12-30 20:53 - 00110166 _____ () C:\Users\Lea\Downloads\OTL.Txt
2014-12-30 20:17 - 2014-12-30 20:17 - 00651776 _____ () C:\Users\Lea\Downloads\MicrosoftFixit50228.msi
2014-12-30 20:11 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (1).exe
2014-12-30 20:10 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL.exe
2014-12-30 16:58 - 2014-12-30 16:58 - 00000197 _____ () C:\Windows\system32\2014-12-30-16-58-12.008-AvastVBoxSVC.exe-3512.log
2014-12-29 20:56 - 2014-12-29 20:56 - 00048165 _____ () C:\Users\Lea\Documents\FRST.txt
2014-12-29 20:55 - 2014-12-29 20:55 - 00038357 _____ () C:\Users\Lea\Documents\Addition.txt
2014-12-29 20:48 - 2014-12-29 20:48 - 00004588 _____ () C:\Users\Lea\Documents\mb.txt
2014-12-29 20:43 - 2014-12-30 22:14 - 00039824 _____ () C:\Users\Lea\Downloads\Addition.txt
2014-12-29 20:41 - 2015-01-20 22:41 - 00000000 ____D () C:\FRST
2014-12-29 20:41 - 2014-12-30 22:14 - 00048617 _____ () C:\Users\Lea\Downloads\FRST.txt
2014-12-29 20:40 - 2015-01-20 22:41 - 02126848 _____ (Farbar) C:\Users\Lea\Desktop\FRST64.exe
2014-12-29 16:27 - 2014-12-29 16:28 - 00000197 _____ () C:\Windows\system32\2014-12-29-16-27-59.079-AvastVBoxSVC.exe-2548.log
2014-12-29 14:45 - 2015-01-17 20:16 - 00034366 _____ () C:\Windows\PFRO.log
2014-12-29 11:28 - 2014-12-29 11:28 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-12-29 11:27 - 2014-12-29 11:27 - 00753184 _____ () C:\Users\Lea\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-12-29 11:09 - 2014-12-29 11:09 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-09-02.021-AvastVBoxSVC.exe-3984.log
2014-12-29 01:34 - 2014-12-29 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-34-44.086-AvastVBoxSVC.exe-3768.log
2014-12-29 01:31 - 2015-01-20 19:37 - 00002912 _____ () C:\Windows\setupact.log
2014-12-29 01:31 - 2014-12-29 01:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-29 00:37 - 2015-01-20 00:09 - 00045402 _____ () C:\Windows\IE11_main.log
2014-12-28 18:16 - 2014-12-28 18:17 - 00000197 _____ () C:\Windows\system32\2014-12-28-18-16-55.099-AvastVBoxSVC.exe-4388.log
2014-12-27 00:40 - 2014-12-27 00:40 - 00001197 _____ () C:\Users\Lea\po.txt
2014-12-27 00:07 - 2014-12-27 00:07 - 00003268 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-826546569-3919575575-2117434215-1000
2014-12-26 21:06 - 2014-12-26 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-26-21-06-01.047-AvastVBoxSVC.exe-4504.log
2014-12-23 23:33 - 2014-12-23 23:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 23:31 - 2014-12-23 23:31 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-31-20.058-AvastVBoxSVC.exe-4472.log
2014-12-22 22:52 - 2014-12-22 22:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-52-31.003-AvastVBoxSVC.exe-4036.log
2014-12-21 23:30 - 2014-12-21 23:30 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-30-10.096-AvastVBoxSVC.exe-3796.log
2014-12-21 22:44 - 2014-12-21 22:44 - 00000197 _____ () C:\Windows\system32\2014-12-21-22-44-36.025-AvastVBoxSVC.exe-1096.log
2014-12-21 20:29 - 2014-12-21 20:29 - 00000197 _____ () C:\Windows\system32\2014-12-21-20-29-39.041-AvastVBoxSVC.exe-3788.log
2014-12-21 19:42 - 2014-12-21 19:42 - 00000247 _____ () C:\Windows\system32\2014-12-21-19-42-32.065-aswFe.exe-3544.log
2014-12-21 19:32 - 2014-12-21 19:42 - 00000247 _____ () C:\Windows\system32\2014-12-21-19-32-56.033-aswFe.exe-8136.log
2014-12-21 19:32 - 2014-12-21 19:32 - 00000197 _____ () C:\Windows\system32\2014-12-21-19-32-51.097-AvastVBoxSVC.exe-6216.log
2014-12-21 19:21 - 2014-12-21 19:21 - 00000247 _____ () C:\Windows\system32\2014-12-21-19-21-49.009-aswFe.exe-5100.log
2014-12-21 19:08 - 2014-12-21 19:21 - 00000247 _____ () C:\Windows\system32\2014-12-21-19-08-53.072-aswFe.exe-604.log
2014-12-21 19:08 - 2014-12-21 19:08 - 00000197 _____ () C:\Windows\system32\2014-12-21-19-08-41.015-AvastVBoxSVC.exe-7432.log
2014-12-21 18:30 - 2014-12-21 18:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-21 18:30 - 2014-12-21 18:35 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-21 17:40 - 2014-12-21 17:41 - 00000000 ____D () C:\ProgramData\{3B77D3B4-6BF5-0232-DA73-72B00AF1A13E}
2014-12-21 17:39 - 2014-12-21 17:40 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-21 17:39 - 2014-12-21 17:39 - 00000000 ____D () C:\Users\Lea\AppData\Local\StormFall
2014-12-21 17:30 - 2015-01-09 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-21 17:28 - 2014-12-21 17:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 22:11 - 2013-08-06 01:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job
2015-01-20 21:57 - 2012-08-07 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 21:44 - 2012-11-17 00:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 21:42 - 2011-12-05 11:15 - 01578362 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:11 - 2013-08-06 01:02 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job
2015-01-20 19:45 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:45 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:44 - 2012-11-17 00:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 19:37 - 2012-07-23 18:37 - 00000000 ____D () C:\ProgramData\Advent
2015-01-20 19:37 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 11:55 - 2012-04-10 15:39 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\SoftGrid Client
2015-01-20 11:53 - 2014-08-06 21:25 - 00023703 _____ () C:\Windows\BRRBCOM.INI
2015-01-20 11:49 - 2014-05-01 16:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 16:33 - 2012-04-10 13:36 - 00067008 _____ () C:\Users\Lea\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 20:13 - 2012-04-15 11:34 - 00000000 ____D () C:\Users\Lea\AppData\Local\CrashDumps
2015-01-16 19:14 - 2014-05-13 11:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 22:57 - 2012-08-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 22:57 - 2012-08-07 15:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 22:57 - 2011-10-21 01:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 22:55 - 2013-07-13 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:34 - 2012-04-10 20:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 18:42 - 2011-10-21 01:41 - 00000000 ____D () C:\Windows\pl
2015-01-06 04:36 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 21:06 - 2013-08-06 01:02 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA
2015-01-04 21:06 - 2013-08-06 01:02 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core
2015-01-04 13:57 - 2014-11-12 19:33 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-01-04 01:19 - 2012-04-10 13:36 - 00000000 ____D () C:\Users\Lea
2015-01-03 13:29 - 2013-04-12 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-03 00:44 - 2011-10-21 01:40 - 00000000 ____D () C:\Windows\fr
2014-12-31 14:21 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 14:01 - 2012-04-10 15:35 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\uTorrent
2014-12-29 18:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-29 14:45 - 2011-10-21 01:42 - 00000000 ____D () C:\Windows\ca
2014-12-28 22:16 - 2014-12-13 00:39 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-28 19:04 - 2014-11-28 20:17 - 00032689 _____ () C:\Users\Lea\Downloads\software_removal_tool.log
2014-12-22 01:26 - 2012-08-04 23:49 - 00000000 ____D () C:\Windows\Minidump
2014-12-21 17:42 - 2009-07-14 02:34 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-12-21 17:29 - 2014-05-13 12:03 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-21 17:28 - 2014-05-13 12:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-21 17:28 - 2014-05-01 16:28 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-21 17:26 - 2012-11-24 14:46 - 00000000 ____D () C:\Users\Lea\AppData\Local\Opera
2014-12-21 17:26 - 2012-11-24 14:46 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-21 17:25 - 2012-11-24 14:46 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\Opera
 
==================== Files in the root of some directories =======
2014-11-15 19:43 - 2014-11-24 23:23 - 0000004 _____ () C:\Users\Lea\AppData\Roaming\appdataFr2.bin
2012-04-11 20:55 - 2011-01-04 08:26 - 0076407 _____ () C:\Users\Lea\AppData\Roaming\Smiley.ico
2014-05-02 12:39 - 2014-05-02 12:39 - 0000044 _____ () C:\Users\Lea\AppData\Roaming\WB.CFG
2012-10-29 01:25 - 2012-10-29 01:25 - 0003713 _____ () C:\Users\Lea\AppData\Local\HWVendorDetection.log
2011-12-05 11:24 - 2011-12-05 11:26 - 0015123 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-09 22:08
 
==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Lea at 2015-01-20 22:43:10
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Acer Deep Sleep Settings (HKLM-x32\...\{86F3E556-83B1-47E5-A36B-560A521B999B}) (Version: 1.00.3008 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
AdC4USelfUpdater (x32 Version: 1.00.0000 - Advent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ADVENT AIO Printer (HKLM-x32\...\{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}) (Version: 1.3.3.10 - Advent)
Advent AIO Printer (Version: 1.0.6.2 - DSGi) Hidden
Advent Essentials (x32 Version: 1.0.0.0 - DSGi) Hidden
aioscnnr (x32 Version: 1.0.6.0 - DSGi) Hidden
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Anki (HKLM-x32\...\Anki) (Version:  - )
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-J132W (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Edificius (x32 Version: 6.00 - ACCA) Hidden
Edificius v.6.00g (HKLM-x32\...\{614F8F83-BB96-4000-8116-67D1BC132830}) (Version: 6.00g - EN - ACCA software S.p.A.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.0.6.3_WHQL (HKLM\...\Elantech) (Version: 10.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.6.3 (HKLM-x32\...\{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}) (Version: 4.6.3.8096 - Evernote Corp.)
FinePrint (HKLM\...\FinePrint) (Version: 8.15 - FinePrint Software, LLC)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{5C20A342-085D-4000-B69D-492F3BA4BF94}) (Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM-x32\...\{34BE2594-1D20-4A2E-97A0-B9E2837520AE}) (Version: 1.00.3004 - Acer Incorporated)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
10-12-2014 16:18:16 Windows Update
13-12-2014 02:59:54 Removed BlueStacks Notification Center
13-12-2014 03:00:13 Windows Update
13-12-2014 04:01:16 Windows Update
13-12-2014 23:16:28 Removed Microsoft Silverlight
14-12-2014 03:00:16 Windows Update
14-12-2014 03:53:45 Windows Update
15-12-2014 22:38:49 Windows Update
16-12-2014 02:34:51 Windows Update
17-12-2014 19:34:08 Windows Update
17-12-2014 23:57:02 Windows Update
18-12-2014 01:57:40 Windows Update
20-12-2014 22:57:33 Windows Update
21-12-2014 00:01:06 Windows Update
21-12-2014 17:14:21 Windows Update
21-12-2014 17:22:25 avast! antivirus system restore point
21-12-2014 17:29:09 Device Driver Package Install: Avast Network Service
21-12-2014 22:34:28 Software Removal Tool
22-12-2014 01:51:39 Windows Update
23-12-2014 00:53:06 Windows Update
26-12-2014 21:09:52 Windows Update
27-12-2014 00:44:33 Windows Update
29-12-2014 00:36:59 Windows Update
29-12-2014 02:03:00 Windows Update
30-12-2014 01:40:10 Windows Update
30-12-2014 20:19:44 Windows Update
30-12-2014 20:22:01 Windows Update
30-12-2014 20:23:53 Windows Update
30-12-2014 20:28:25 Windows Update
31-12-2014 00:59:32 Windows Update
01-01-2015 20:53:26 Windows Update
02-01-2015 02:40:19 Windows Update
03-01-2015 02:01:03 Checkpoint by HitmanPro
03-01-2015 02:02:35 Checkpoint by HitmanPro
03-01-2015 12:57:51 Windows Update
03-01-2015 15:34:55 Windows Update
04-01-2015 00:31:05 Windows Update
04-01-2015 01:34:06 Windows Update
04-01-2015 20:57:13 Restore Point Created by FRST
04-01-2015 21:00:08 Restore Point Created by FRST
05-01-2015 03:00:19 Windows Update
05-01-2015 03:44:33 Windows Update
05-01-2015 23:14:25 Windows Update
06-01-2015 16:43:22 Windows Update
06-01-2015 17:47:03 Windows Update
06-01-2015 19:29:53 Windows Update
06-01-2015 20:15:19 Windows Update
09-01-2015 00:50:50 Windows Update
09-01-2015 16:52:19 avast! antivirus system restore point
10-01-2015 02:15:56 Windows Update
11-01-2015 01:13:23 Windows Update
12-01-2015 00:42:30 Windows Update
13-01-2015 00:33:33 Windows Update
14-01-2015 22:32:16 Windows Update
15-01-2015 00:08:40 Windows Update
15-01-2015 21:16:20 Windows Update
15-01-2015 22:59:12 Windows Update
17-01-2015 00:15:00 Windows Update
17-01-2015 20:11:20 Restore Point Created by FRST
17-01-2015 20:14:20 Restore Point Created by FRST
18-01-2015 01:36:06 Windows Update
19-01-2015 00:14:29 Windows Update
19-01-2015 22:42:45 Windows Update
20-01-2015 00:08:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-04 20:58 - 2015-01-04 21:00 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14743BBA-6DF3-44B0-BD30-F953C3F3BB53} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2A38BC47-9D38-46AE-98A6-6BD0D80185A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {37A2C7F1-1C6D-4CB9-BE8C-86B1C1172E68} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {50A37FFF-AC42-49D5-A56C-DA69DE940823} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5A87B349-189E-4059-A3E9-6C2F98530278} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {5F0D9F42-FB4F-41D5-BC3A-C541F2CFE462} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {77B3CD3C-0AC3-471C-BAFD-9F25CC5A1016} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {7F56EA38-A7FD-4707-98A6-9B5FB9453768} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {8093BC23-4485-4A99-9202-BA37BC70189B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-21] (AVAST Software)
Task: {90FAACE9-D03B-46B3-B81C-D86A16112EEE} - System32\Tasks\{A83BC985-A76D-418A-930E-6A952A51D03D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {94D5CC3F-2B72-41A7-AA92-A787FAAB2A21} - System32\Tasks\avastBCLRestartS-1-5-21-826546569-3919575575-2117434215-1000 => Chrome.exe 
Task: {958E0E1C-859F-447D-A6F1-B243DD96B103} - System32\Tasks\{6DBB1977-06FA-4253-8C11-919DE8C52E34} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B742757A-7658-4E09-A51A-085CF0F7F4D3}\Setup.exe" -c  -runfromtemp -l0x0009 UNINSTALL Reg=BHmini13_C2 -removeonly
Task: {978D6381-14D2-43D5-9579-261789B2A134} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {A2DA72CC-38D6-46DF-9126-037C111AF2C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {BECFE957-BAD9-4282-B922-44244A72745B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DE3D9038-8E72-4F12-B737-0B2DCC601F6D} - System32\Tasks\Opera scheduled Autoupdate 1417994842 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {EC930452-109B-4A89-A433-5BB5A333B34F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {F701F532-F134-412D-87D0-327C5AB0805B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F971B0FA-775E-4D9B-9AE9-D0EF7EA4AE5E} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-06 21:23 - 2005-04-22 04:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-12-21 17:25 - 2014-12-21 17:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-21 17:25 - 2014-12-21 17:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2011-12-05 18:52 - 2011-08-09 15:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 18:28 - 2012-08-10 18:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-01-20 11:48 - 2015-01-20 11:48 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012000\algo.dll
2014-12-21 17:26 - 2014-12-21 17:26 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-20 19:40 - 2015-01-20 19:40 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-12-21 17:27 - 2014-12-21 17:28 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-06 21:22 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-826546569-3919575575-2117434215-500 - Administrator - Disabled)
Guest (S-1-5-21-826546569-3919575575-2117434215-501 - Limited - Enabled) => C:\Users\Guest.Lea-PC
HomeGroupUser$ (S-1-5-21-826546569-3919575575-2117434215-1002 - Limited - Enabled)
Lea (S-1-5-21-826546569-3919575575-2117434215-1000 - Administrator - Enabled) => C:\Users\Lea
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2015 07:37:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/20/2015 11:47:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/19/2015 11:02:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/19/2015 07:24:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ADAIOHostService.exe, version: 1.1.15.0, time stamp: 0x4c9ca58a
Faulting module name: ADAIOHostService.exe, version: 1.1.15.0, time stamp: 0x4c9ca58a
Exception code: 0xc0000005
Fault offset: 0x0000879e
Faulting process id: 0x%9
Faulting application start time: 0xADAIOHostService.exe0
Faulting application path: ADAIOHostService.exe1
Faulting module path: ADAIOHostService.exe2
Report Id: ADAIOHostService.exe3
 
Error: (01/19/2015 04:32:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/18/2015 08:10:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/17/2015 09:22:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/17/2015 08:16:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/17/2015 08:13:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 17.1.2015.1, time stamp: 0x54b9adb3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0x104
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (01/17/2015 08:11:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d2c4eff4-a415-42b8-a115-5c3e297ae244}
 
 
System errors:
=============
Error: (01/20/2015 07:38:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/20/2015 07:37:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001
 
Error: (01/20/2015 11:47:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/20/2015 11:47:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001
 
Error: (01/20/2015 00:09:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (01/20/2015 00:08:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (01/19/2015 11:03:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/19/2015 11:02:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001
 
Error: (01/19/2015 10:43:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (01/19/2015 10:43:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2015 07:37:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/20/2015 11:47:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/19/2015 11:02:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/19/2015 07:24:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ADAIOHostService.exe1.1.15.04c9ca58aADAIOHostService.exe1.1.15.04c9ca58ac00000050000879e
 
Error: (01/19/2015 04:32:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/18/2015 08:10:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/17/2015 09:22:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/17/2015 08:16:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/17/2015 08:13:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe17.1.2015.154b9adb3ntdll.dll6.1.7601.18247521eaf24c0000005000000000000ca8910401d03291b2b458edC:\Users\Lea\Desktop\FRST64.exeC:\Windows\SYSTEM32\ntdll.dll48f91b00-9e85-11e4-ab80-95af9867d053
 
Error: (01/17/2015 08:11:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d2c4eff4-a415-42b8-a115-5c3e297ae244}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 36%
Total physical RAM: 3946.19 MB
Available physical RAM: 2511.5 MB
Total Pagefile: 7890.57 MB
Available Pagefile: 5876.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:282.85 GB) (Free:137.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4007CF80)
Partition 1: (Not Active) - (Size=15.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 18.6 GB) (Disk ID: 4007CFAE)
Partition 1: (Not Active) - (Size=18.6 GB) - (Type=84)
 
==================== End Of Log ============================
 
OTL Logs:
 

OTL logfile created on: 20/01/2015 23:01:30 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.85 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 56.76% Memory free
7.71 Gb Paging File | 5.56 Gb Available in Paging File | 72.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.85 Gb Total Space | 137.18 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/09 16:55:40 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/30 20:11:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
PRC - [2014/12/21 17:27:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/13 14:55:02 | 002,968,696 | ---- | M] (MicroTools) -- C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
PRC - [2014/11/12 19:39:00 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/20 23:51:28 | 002,973,600 | ---- | M] (MicroStudio) -- C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
PRC - [2014/03/11 22:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/14 18:39:42 | 000,505,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2013/05/14 18:37:24 | 001,448,960 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/18 10:01:12 | 002,009,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/10/14 12:59:50 | 000,361,904 | ---- | M] (DSGi) -- C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
PRC - [2011/09/20 10:25:58 | 000,341,360 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/08/26 14:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/24 18:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/08/24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/08/10 17:39:56 | 000,057,344 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2011/08/09 01:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/09 01:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/21 15:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/11 22:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/04/24 01:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/24 01:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/03/15 03:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/15 03:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/15 03:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/15 03:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/21 17:28:00 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/08/24 18:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/04/24 01:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/21 17:27:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/21 17:25:39 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2013/12/23 10:55:22 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/09/17 17:22:54 | 000,141,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Sleep Memory Optimizer\FFSService.exe -- (FFSOpzSvc)
SRV:64bit: - [2011/08/02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/14 22:57:20 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/13 14:55:02 | 002,968,696 | ---- | M] (MicroTools) [Auto | Running] -- C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe -- (YouTubeDownload_P4)
SRV - [2014/10/20 23:51:28 | 002,973,600 | ---- | M] (MicroStudio) [Auto | Running] -- C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe -- (WindowsVNT_R3)
SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/11 22:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 22:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/10/26 09:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/08/10 18:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/10/14 12:59:50 | 000,361,904 | ---- | M] (DSGi) [Auto | Running] -- C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe -- (Advent AIO Network Discovery Service)
SRV - [2011/08/10 17:39:56 | 000,057,344 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/08/09 01:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/09 01:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/21 15:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/07/07 00:24:24 | 000,184,320 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/24 01:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/15 03:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/03 02:06:05 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/12/21 17:29:04 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/21 17:28:16 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/21 17:28:16 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/21 17:28:16 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/21 17:28:15 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/21 17:28:15 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/21 17:28:15 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/21 17:28:12 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/21 17:25:39 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/13 01:35:02 | 000,040,808 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 18:09:26 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 18:09:24 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 18:09:22 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 18:09:22 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 18:09:20 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 18:09:20 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 18:09:20 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 18:09:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 00:25:10 | 002,799,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/05 11:27:45 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/12/05 11:27:45 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/12/05 11:27:45 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/08/09 16:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 03:07:18 | 000,185,128 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/07/28 22:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/06/16 13:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2011/05/20 16:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/08/10 11:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/20 02:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/09 16:54:35 | 000,000,000 | ---D | M]
 
[2015/01/17 20:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\extensions
[2015/01/04 21:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2015/01/04 21:00:26 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ADAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\ADAiO2MUI.exe (DSGi)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ADAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-826546569-3919575575-2117434215-1000..\Run: [Google Update] C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-826546569-3919575575-2117434215-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgasto...om/HomeVend.cab (HomeVendGasCard Class)
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://bg.itronener...yboxControl.cab (KeyBox Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E731E39E-A891-4959-9E6D-1DC0D10BAA43}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E731E39E-A891-4959-9E6D-1DC0D10BAA43}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/17 20:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Optimizer
[2015/01/16 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/01/15 21:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/15 21:39:09 | 001,707,939 | ---- | C] (Thisisu) -- C:\Users\Lea\Desktop\JRT.exe
[2015/01/14 00:19:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/14 00:19:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/01/14 00:19:44 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/14 00:19:41 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/14 00:19:39 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/14 00:19:35 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/14 00:19:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/14 00:19:34 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/11 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\Desktop\MATHS
[2015/01/09 16:55:04 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/01/04 20:56:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\Desktop\FRST-OlderVersion
[2015/01/04 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Update Services
[2015/01/03 13:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/03 13:31:47 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/03 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/03 13:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/01/03 02:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/03 01:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/01/03 01:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/01/03 00:47:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/30 20:10:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
[2014/12/29 20:41:17 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/29 20:40:01 | 002,126,848 | ---- | C] (Farbar) -- C:\Users\Lea\Desktop\FRST64.exe
[2014/12/29 11:28:54 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2014/12/29 11:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/20 22:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/20 22:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/20 22:41:43 | 002,126,848 | ---- | M] (Farbar) -- C:\Users\Lea\Desktop\FRST64.exe
[2015/01/20 22:11:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job
[2015/01/20 21:11:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job
[2015/01/20 19:45:51 | 000,031,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 19:45:51 | 000,031,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 19:44:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/20 19:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/20 11:53:34 | 000,023,703 | ---- | M] () -- C:\Windows\BRRBCOM.INI
[2015/01/16 20:12:16 | 000,002,243 | ---- | M] () -- C:\Users\Lea\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/16 20:12:16 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/16 19:14:32 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/15 21:39:22 | 001,707,939 | ---- | M] (Thisisu) -- C:\Users\Lea\Desktop\JRT.exe
[2015/01/14 22:57:20 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/14 22:57:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/11 16:56:51 | 000,030,946 | ---- | M] () -- C:\Users\Lea\Documents\InductionAssignment.rtf
[2015/01/09 16:55:55 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/04 21:00:26 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/01/03 13:30:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/03 02:06:05 | 000,043,664 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2015/01/03 02:02:56 | 000,003,466 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/01/03 00:47:02 | 002,173,952 | ---- | M] () -- C:\Users\Lea\Desktop\AdwCleaner.exe
[2014/12/31 14:21:27 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/31 14:21:27 | 000,667,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/31 14:21:27 | 000,126,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/30 20:11:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
[2014/12/29 11:28:55 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/11 16:56:49 | 000,030,946 | ---- | C] () -- C:\Users\Lea\Documents\InductionAssignment.rtf
[2015/01/09 16:55:55 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/03 02:13:00 | 000,002,243 | ---- | C] () -- C:\Users\Lea\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/03 02:12:59 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/03 02:02:56 | 000,003,466 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/01/03 01:46:02 | 000,043,664 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2015/01/03 00:46:57 | 002,173,952 | ---- | C] () -- C:\Users\Lea\Desktop\AdwCleaner.exe
[2014/11/15 19:43:32 | 000,000,004 | ---- | C] () -- C:\Users\Lea\AppData\Roaming\appdataFr2.bin
[2014/08/06 21:25:47 | 000,023,703 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2014/08/06 21:25:47 | 000,007,818 | ---- | C] () -- C:\Windows\BROPJ132W.INI
[2014/08/06 21:23:05 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/08/06 21:23:04 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2014/05/13 11:25:46 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2014/05/02 12:39:07 | 000,000,044 | ---- | C] () -- C:\Users\Lea\AppData\Roaming\WB.CFG
 
========== ZeroAccess Check ==========
 
[2013/08/30 21:40:34 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/28 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ADVENT AIO Printer1752805035
[2012/08/28 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/08/28 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ADVENT AIO Printer1752805035
[2012/08/28 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/04/19 11:18:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Screensaver
[2014/05/02 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\Guest.Lea-PC\AppData\Roaming\AVAST Software
[2013/01/29 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Guest.Lea-PC\AppData\Roaming\Opera
[2013/11/28 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Guest.Lea-PC\AppData\Roaming\PowerCinema
[2012/05/11 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Guest.Lea-PC\AppData\Roaming\Screensaver
[2013/03/13 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\Guest.Lea-PC\AppData\Roaming\SoftGrid Client
[2014/05/13 12:04:40 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\AVAST Software
[2014/09/19 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\ControlCenter4
[2014/05/01 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Dropbox
[2014/05/01 18:24:19 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DropboxMaster
[2012/04/14 15:08:34 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
[2012/04/17 00:45:38 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\LibreOffice
[2014/05/11 13:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\OpenOffice
[2014/12/21 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Opera
[2014/12/07 23:27:36 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Opera Software
[2013/03/28 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Origin
[2012/04/10 13:37:58 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Screensaver
[2015/01/20 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\SoftGrid Client
[2012/06/03 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\T-Mobile
[2013/07/08 21:02:39 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\T-Mobile Internet Manager
[2012/07/23 18:39:43 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Temp
[2012/04/10 15:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\TP
[2014/12/31 14:01:32 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\uTorrent
[2012/04/17 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Windows Live Writer
[2014/10/29 00:35:03 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\XMind
[2012/06/29 12:00:46 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
Extras:
 

OTL Extras logfile created on: 20/01/2015 23:01:30 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.85 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 56.76% Memory free
7.71 Gb Paging File | 5.56 Gb Available in Paging File | 72.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.85 Gb Total Space | 137.18 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122B2E3-0479-4002-A79C-92AB16DADF96}" = rport=137 | protocol=17 | dir=out | app=system | 
"{02E0FA42-3775-4799-8571-43046A6C84ED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0523B2DC-E9D5-41E4-B501-D1486ECDDCC9}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{1151178C-0375-4458-A810-AD80B57C6290}" = lport=9333 | protocol=6 | dir=in | name=addiscovery | 
"{1198DDEF-13E0-4B50-935A-3E588B3082D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{12487440-F6CC-4105-A4F7-DBB9BF9B60F3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{13A5B7FC-A1D8-45BD-BD5A-9BD74FC296BA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{315CEE6F-2B67-4964-870F-3E68C5ADDEE3}" = lport=54925 | protocol=17 | dir=in | svc=stisvc | name=brothernetwork scanner | 
"{360E627E-AAB8-49C7-9B00-267E41F64BDE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38771749-E9C2-4CF7-8A44-901835AC45B9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4EBDC0AA-E774-4A3D-9EDB-0DD97AFAC4E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56086048-785D-4773-A59F-614F3BF7C4E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6A8ECF2F-7ABE-4B21-8DA0-F564B53F196A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F518CD1-61AA-4887-8748-C9A1053E6E4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83380DB2-0CA6-40BB-AC6F-07AECAACE47C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AAB8BD0F-4466-4786-BEA7-60CFE1EA89A2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B53DA0F9-9F25-4327-AD01-3D7515F093B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B540AFAC-9A4C-4FC1-B0FA-7D259492AC97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2580421-87E6-4D0A-A75A-25F01DC64A3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{C272399E-4451-48D8-BEE1-1C91DBD5BA04}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CD396B48-5910-4911-8E0B-9ACF6F3BE53F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFA4DE7C-5EB2-4C73-BE4B-E767F4BEC318}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D22C29F0-63B7-45B0-9EF3-1BDD96FBA5B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD059AC5-B203-444F-B1CD-7F43174A3C0E}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{E1080423-1D6F-4D94-834F-261004167EE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E56CA41C-20A7-422A-B56E-5BE64BB5949D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8D3BDE5-F545-4D88-A3AA-74A15AD9CDAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EA73F58F-2364-40DA-9767-0E999DE094E8}" = lport=9333 | protocol=6 | dir=in | name=addiscovery | 
"{ED50F87C-7D1D-446E-B54B-91D25E2E5222}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1B57561-5617-4AD6-A7B7-1F6D5B352A27}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F8E229E8-F392-4D2F-98B8-495048C0ACA2}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A79A8B5-4BD6-40EE-A083-550DDF9D03FF}" = protocol=58 | dir=in | [email protected],-28545 | 
"{0FF28DF0-2F35-4C07-A286-15A7F3BE9649}" = protocol=58 | dir=out | [email protected],-28546 | 
"{199147A6-E8DA-429F-97D1-C46BCE9DAC41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F1832D1-39DE-4FEA-BE70-B340C5FB6239}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3207E31F-9920-4ECA-8BBD-2D48B76F1B11}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{39A3B4F0-04E6-406E-9430-BB9CDEE13765}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{3CD6BDD8-2405-434A-A840-A738F7CDB1BA}" = protocol=1 | dir=in | [email protected],-28543 | 
"{5C1087C0-5BB6-4ECC-9433-E89B0B25313E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C451D04-5890-4A19-9ED1-7BEDCE8979DF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DE445E5-1025-47AC-B5C5-45C7BAF6BAF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{655692DC-B5AE-468C-AF60-E3AE8ECC6AA2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{697F7D35-8333-4B96-8666-7475C9139E46}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6B0D4FB2-A676-4C47-9D06-A61F76E23CA5}" = protocol=6 | dir=out | app=system | 
"{6F71604A-C994-4942-B635-58B1957909EB}" = protocol=1 | dir=out | [email protected],-28544 | 
"{751D710B-2FB7-4B86-A4C8-68FA185EEF0E}" = dir=in | app=c:\program files (x86)\youtube downloader services\p4\powermgr.exe | 
"{8345BFE4-1FB0-4DD5-952A-551C7785BDBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{84455C71-5E91-48BF-BDFF-6D35642EAF82}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{913008B9-CC16-44FD-9CFE-530517BC642B}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{95E97EA6-D51A-4A6B-A84D-3387BC053448}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{965E755C-7CBE-4707-B695-ADDD43E2AB8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{977F8ACA-04D8-4B69-A839-BD2FF5E785B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99F6EE5B-D08A-4CDA-9A35-97C8F40CA407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A97701F-20B3-4422-A467-FE432FAC54A8}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{9B273DA5-B113-4CBD-B286-FAF8E38AF378}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9EECD3B2-1424-44BF-AA63-5C129F819B98}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A1B31FB3-D0C2-43CB-84C3-B8320CDB7519}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{A654FF77-EFD8-481F-B926-608968168722}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6069A87-9683-416D-9B95-6B9958452729}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B6439180-21B9-47E3-A046-87E6ED34B2B3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{B9FACAB7-79CC-4674-8408-9B15F0C9133B}" = dir=in | app=c:\program files (x86)\youtube downloader services\p4\youtubeserv.exe | 
"{CC18253F-5F9E-4787-9143-2E9AB9B23755}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0DCFE74-45C7-43F2-BA2F-3E35F9618E25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D37C60DF-FA36-47B2-A80C-554BB0028AF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD36AB8F-BBA4-4393-9474-1EA99F10C3F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ECD00EC9-163D-487C-B2B0-3B0BF09FAE32}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{ECF180FA-5266-42A3-AE48-F6D5B268394F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{F4174FD1-807E-4B1C-BA28-25E49949D70C}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CA75E08-616B-4F3C-A8E6-5E4BDC04E398}" = Advent AIO Printer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.0.6.3_WHQL
"FinePrint" = FinePrint
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}" = Google Talk Plugin
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{136BB0FD-7E70-40F5-B17E-5FB91F229463}" = AdC4USelfUpdater
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BAE8AB6-4533-4CB1-94D6-A5F401ED468C}" = aioscnnr
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}" = ADVENT AIO Printer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34BE2594-1D20-4A2E-97A0-B9E2837520AE}" = Sleep Memory Optimizer
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4973FC3B-FF66-4610-B9ED-2DDEFBF4D2D7}" = PreReq
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C20A342-085D-4000-B69D-492F3BA4BF94}" = Qualcomm Atheros Fast Reconnect
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61381690-7DDA-44F6-B3F0-6529FB8B6E5D}" = Advent Essentials
"{614F8F83-BB96-4000-8116-67D1BC132830}" = Edificius v.6.00g
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DE640AD-5480-492F-9C6D-A9799EC251B0}" = Edificius
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F3E556-83B1-47E5-A36B-560A521B999B}" = Acer Deep Sleep Settings
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel® Identity Protection Technology 1.2.18.0
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B742757A-7658-4E09-A51A-085CF0F7F4D3}" = Brother MFL-Pro Suite DCP-J132W
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Anki" = Anki
"Avast" = Avast Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"Kobo" = Kobo
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Opera 26.0.1656.60" = Opera Stable 26.0.1656.60
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
"XMind_is1" = XMind 2013 (v3.4.1)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-826546569-3919575575-2117434215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/01/2015 16:05:15 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 17/01/2015 16:11:19 | Computer Name = Lea-PC | Source = VSS | ID = 8194
Description = 
 
Error - 17/01/2015 16:13:23 | Computer Name = Lea-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FRST64.exe, version: 17.1.2015.1, time 
stamp: 0x54b9adb3  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time 
stamp: 0x521eaf24  Exception code: 0xc0000005  Fault offset: 0x000000000000ca89  Faulting
 process id: 0x104  Faulting application start time: 0x01d03291b2b458ed  Faulting application
 path: C:\Users\Lea\Desktop\FRST64.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 48f91b00-9e85-11e4-ab80-95af9867d053
 
Error - 17/01/2015 16:16:57 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 17/01/2015 17:22:12 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 18/01/2015 16:10:34 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 19/01/2015 12:32:10 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 19/01/2015 15:24:33 | Computer Name = Lea-PC | Source = Application Error | ID = 1000
Error - 19/01/2015 19:02:48 | Computer Name = Lea-PC | Source = SideBySide | ID 
= 16842785
 
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error - 20/01/2015 07:47:20 | Computer Name = Lea-PC | Source = SideBySide | ID 
= 16842785
 
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error - 20/01/2015 15:37:46 | Computer Name = Lea-PC | Source = SideBySide | ID 
= 16842785
 
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error encountered while reading event logs.
 
< End of report >
 
 

Edited by cookie88, 20 January 2015 - 05:11 PM.


#22
cookie88


    Member

  • Topic Starter
  • 15 posts

I got a browser re-direct yesterday while watching Netflix.

I have also had a pop-up today trying to install Google Chrome when it is already installed and fully up to date.

Edit to add:

The so-called "Google Chrome installer" has left an icon on my desktop. When I click on properties, the location reads as follows:

C:\ProgramData\Optimizer\program\windows_chromupdateweb.exe

When I click to view file location, I find that whatever is controlling this has moved a maths folder (for my university studies) from my desktop and placed it in that location. I know that might sound daft, but basically whatever is on my system is tampering with things on my desktop and moving items around. I don't have much knowledge of malware, but it seems like every time we remove something the programme is replicating itself somewhere else.


Edited by cookie88, 21 January 2015 - 10:47 AM.


#23
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, cookie88.

Please go to C:\ProgramData\Optimizer and check if that Maths folder is the original one. If it is, move it back to the Desktop and manually delete C:\ProgramData\Optimizer by using the Shift+Delete key combination. If it's not, then just get rid of it as well.

Also, please do the following steps and tell me if you still have the redirects/popups problem after that.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File: fixlist.txt (237 bytes, 87 downloads)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content
  • Please tell me if you still have these redirects/popups problems


#24
cookie88


  • Topic Starter
  • Member
  • 15 posts

Here are the fresh logs:

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Lea at 2015-01-22 20:44:28 Run:5
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
C:\Program Files (x86)\Windows Network Accelerater
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
WindowsVNT_R3 => Service deleted successfully.
C:\Program Files (x86)\Windows Network Accelerater => Moved successfully.
EmptyTemp: => Removed 353.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:46:02 ====

 

Frst:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lea (administrator) on LEA-PC on 22-01-2015 20:49:55
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DSGi) C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2642728 2011-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [ADAiO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe [2779136 2010-12-09] (DSGi)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1357648 2014-12-08] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-12-04] (BullGuard Ltd.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ADAiO2StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Run: [Google Update] => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-06] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-826546569-3919575575-2117434215-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgasto...om/HomeVend.cab
DPF: HKLM-x32 {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronener...yBoxControl.cab
DPF: HKLM-x32 {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://bg.itronener...yboxControl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E731E39E-A891-4959-9E6D-1DC0D10BAA43}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/O1DPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]
 
Chrome: 
=======
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-03]
CHR Extension: (YouTube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (Google Search) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]
CHR Extension: (Google Sheets) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advent AIO Network Discovery Service; C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [361904 2011-10-14] (DSGi)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [778576 2014-12-11] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [601424 2014-12-17] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-12-08] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [428368 2014-12-04] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2014-12-08] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [758608 2014-12-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [549200 2014-12-08] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-12-04] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384336 2014-12-08] (BullGuard Ltd.)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-10-28] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-10-28] (Agnitum Ltd.)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2013-12-13] (Google Inc)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-10-28] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-10-28] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-10-28] (BullGuard Ltd.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-10] (Qualcomm Atheros)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-03] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-28] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-28] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-10-28] (BitDefender S.R.L.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 20:49 - 2015-01-22 20:51 - 00023298 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-22 20:49 - 2015-01-22 20:49 - 00000640 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-01-22 20:47 - 2015-01-22 20:48 - 00000000 ____D () C:\ProgramData\Optimizer
2015-01-22 20:42 - 2015-01-22 20:42 - 00000237 _____ () C:\Users\Lea\Documents\fixlist.txt
2015-01-22 20:40 - 2015-01-22 20:40 - 00000237 _____ () C:\Users\Lea\Downloads\fixlist (1).txt
2015-01-22 01:10 - 2015-01-22 01:10 - 00001376 _____ () C:\Windows\IE11_main.log
2015-01-22 01:02 - 2015-01-22 01:02 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\Lea\Downloads\tdsskiller.exe
2015-01-22 00:43 - 2015-01-22 00:43 - 02186752 _____ () C:\Users\Lea\Downloads\adwcleaner_4.108.exe
2015-01-22 00:42 - 2015-01-22 00:42 - 00000071 _____ () C:\Users\Lea\Desktop\suspect.txt
2015-01-22 00:32 - 2015-01-22 20:47 - 00000224 _____ () C:\Windows\setupact.log
2015-01-22 00:32 - 2015-01-22 00:46 - 00002094 _____ () C:\Windows\PFRO.log
2015-01-22 00:32 - 2015-01-22 00:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-22 00:26 - 2015-01-22 00:26 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Lea\Downloads\rkill.com
2015-01-22 00:24 - 2015-01-22 00:24 - 00001984 _____ () C:\Users\Lea\Desktop\mal.txt
2015-01-21 17:22 - 2015-01-22 20:47 - 00000356 _____ () C:\Windows\system32\config\afw_hm.conf
2015-01-21 17:22 - 2015-01-22 20:47 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2015-01-21 17:09 - 2015-01-21 17:09 - 00000164 _____ () C:\Users\Lea\Desktop\BullGuard Online Drive.lnk
2015-01-21 17:04 - 2015-01-21 18:30 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\BullGuard
2015-01-21 17:04 - 2015-01-21 17:04 - 00000954 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2015-01-21 17:04 - 2015-01-21 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-01-21 17:02 - 2015-01-21 17:02 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2015-01-21 17:02 - 2015-01-21 17:02 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2015-01-21 16:59 - 2015-01-21 16:59 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\QuickScan
2015-01-21 16:58 - 2015-01-22 20:51 - 00000000 ____D () C:\ProgramData\BullGuard
2015-01-21 16:57 - 2015-01-21 16:57 - 00325440 _____ () C:\Users\Lea\Downloads\BullGuardDownloader_uksem60.exe
2015-01-21 12:38 - 2015-01-21 12:39 - 00000197 _____ () C:\Windows\system32\2015-01-21-12-38-56.090-AvastVBoxSVC.exe-1312.log
2015-01-20 20:02 - 2015-01-20 20:02 - 00091088 _____ () C:\Users\Lea\Downloads\Cleaner_January_2015.zip
2015-01-20 19:40 - 2015-01-20 19:40 - 00000197 _____ () C:\Windows\system32\2015-01-20-19-40-11.074-AvastVBoxSVC.exe-3672.log
2015-01-20 11:49 - 2015-01-20 11:49 - 00000197 _____ () C:\Windows\system32\2015-01-20-11-49-11.049-AvastVBoxSVC.exe-3756.log
2015-01-19 23:03 - 2015-01-19 23:04 - 00000197 _____ () C:\Windows\system32\2015-01-19-23-03-39.070-AvastVBoxSVC.exe-3480.log
2015-01-19 16:33 - 2015-01-19 16:33 - 00000197 _____ () C:\Windows\system32\2015-01-19-16-33-04.066-AvastVBoxSVC.exe-3384.log
2015-01-18 20:11 - 2015-01-18 20:11 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-11-25.018-AvastVBoxSVC.exe-3948.log
2015-01-17 21:24 - 2015-01-17 21:24 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-24-36.052-AvastVBoxSVC.exe-3664.log
2015-01-17 20:19 - 2015-01-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-19-25.097-AvastVBoxSVC.exe-3432.log
2015-01-17 20:06 - 2015-01-17 20:06 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-06-18.019-AvastVBoxSVC.exe-3748.log
2015-01-16 23:15 - 2015-01-16 23:15 - 00852504 _____ () C:\Users\Lea\Downloads\SecurityCheck.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 02347384 _____ (ESET) C:\Users\Lea\Downloads\esetsmartinstaller_enu.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 19:08 - 2015-01-16 19:08 - 00000197 _____ () C:\Windows\system32\2015-01-16-19-08-02.013-AvastVBoxSVC.exe-3400.log
2015-01-16 16:56 - 2015-01-16 16:56 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-56-53.083-AvastVBoxSVC.exe-3548.log
2015-01-15 21:59 - 2015-01-15 21:59 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-59-07.040-AvastVBoxSVC.exe-3816.log
2015-01-15 21:41 - 2015-01-15 21:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 21:39 - 2015-01-15 21:39 - 01707939 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2015-01-15 21:36 - 2015-01-15 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-36-15.032-AvastVBoxSVC.exe-3524.log
2015-01-15 20:25 - 2015-01-15 20:25 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-25-13.041-AvastVBoxSVC.exe-3608.log
2015-01-14 22:29 - 2015-01-14 22:29 - 00000197 _____ () C:\Windows\system32\2015-01-14-22-29-40.079-AvastVBoxSVC.exe-3460.log
2015-01-14 00:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:19 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:19 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:19 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:19 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:19 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 00:07 - 2015-01-14 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-00-07-35.034-AvastVBoxSVC.exe-3536.log
2015-01-13 00:07 - 2015-01-13 00:07 - 00000197 _____ () C:\Windows\system32\2015-01-13-00-07-20.079-AvastVBoxSVC.exe-3204.log
2015-01-12 20:13 - 2015-01-12 20:14 - 00000197 _____ () C:\Windows\system32\2015-01-12-20-13-41.026-AvastVBoxSVC.exe-3748.log
2015-01-11 23:13 - 2015-01-11 23:15 - 00000000 ____D () C:\Users\Lea\Desktop\MATHS
2015-01-11 22:18 - 2015-01-11 22:18 - 00087552 _____ () C:\Users\Lea\Downloads\MOLE Lesson 2 Factors and Multiples.pptx
2015-01-11 22:10 - 2015-01-11 22:10 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup.exe
2015-01-11 22:01 - 2015-01-11 22:01 - 00000197 _____ () C:\Windows\system32\2015-01-11-22-01-45.062-AvastVBoxSVC.exe-3508.log
2015-01-11 16:35 - 2015-01-11 16:35 - 00000197 _____ () C:\Windows\system32\2015-01-11-16-35-20.068-AvastVBoxSVC.exe-3764.log
2015-01-10 13:11 - 2015-01-10 13:12 - 00000197 _____ () C:\Windows\system32\2015-01-10-13-11-55.049-AvastVBoxSVC.exe-3248.log
2015-01-09 21:41 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-41-47.019-aswFe.exe-6996.log
2015-01-09 21:35 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-35-04.007-aswFe.exe-852.log
2015-01-09 21:34 - 2015-01-09 21:35 - 00000197 _____ () C:\Windows\system32\2015-01-09-21-34-55.065-AvastVBoxSVC.exe-3728.log
2015-01-09 16:49 - 2015-01-09 16:49 - 00000197 _____ () C:\Windows\system32\2015-01-09-16-49-43.013-AvastVBoxSVC.exe-4176.log
2015-01-09 00:11 - 2015-01-09 00:11 - 00421431 _____ () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi.html
2015-01-09 00:11 - 2015-01-09 00:11 - 00000000 ____D () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi_files
2015-01-08 18:44 - 2015-01-08 18:44 - 00000197 _____ () C:\Windows\system32\2015-01-08-18-44-52.064-AvastVBoxSVC.exe-3692.log
2015-01-08 14:26 - 2015-01-08 14:26 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-26-00.057-AvastVBoxSVC.exe-3588.log
2015-01-06 19:51 - 2015-01-06 19:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-51-05.043-AvastVBoxSVC.exe-4052.log
2015-01-06 19:05 - 2015-01-06 19:06 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-05-41.058-AvastVBoxSVC.exe-4068.log
2015-01-06 16:40 - 2015-01-06 16:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-16-40-12.035-AvastVBoxSVC.exe-4012.log
2015-01-05 22:51 - 2015-01-05 22:52 - 00000197 _____ () C:\Windows\system32\2015-01-05-22-51-31.051-AvastVBoxSVC.exe-3912.log
2015-01-04 21:14 - 2015-01-04 21:14 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-14-40.016-AvastVBoxSVC.exe-3936.log
2015-01-04 21:07 - 2015-01-04 21:07 - 02173952 _____ () C:\Users\Lea\Downloads\AdwCleaner (1).exe
2015-01-04 21:05 - 2015-01-04 21:06 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-05-54.018-AvastVBoxSVC.exe-6704.log
2015-01-04 20:56 - 2015-01-20 22:41 - 00000000 ____D () C:\Users\Lea\Desktop\FRST-OlderVersion
2015-01-04 20:53 - 2015-01-04 20:54 - 00006062 _____ () C:\Users\Lea\Downloads\fixlist.txt
2015-01-04 14:00 - 2015-01-04 14:00 - 00000197 _____ () C:\Windows\system32\2015-01-04-14-00-02.055-AvastVBoxSVC.exe-4036.log
2015-01-04 13:57 - 2015-01-04 13:57 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2015-01-04 01:19 - 2015-01-04 01:19 - 00000533 _____ () C:\Users\Lea\NY - Res.txt
2015-01-04 01:02 - 2015-01-04 01:02 - 00000197 _____ () C:\Windows\system32\2015-01-04-01-02-37.044-AvastVBoxSVC.exe-3576.log
2015-01-03 16:59 - 2015-01-03 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-16-59-56.039-AvastVBoxSVC.exe-3600.log
2015-01-03 14:57 - 2015-01-03 14:57 - 00000197 _____ () C:\Windows\system32\2015-01-03-14-57-42.064-AvastVBoxSVC.exe-3696.log
2015-01-03 13:31 - 2015-01-03 13:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-03 13:30 - 2015-01-03 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-03 13:27 - 2015-01-03 13:27 - 00638888 _____ (Oracle Corporation) C:\Users\Lea\Downloads\chromeinstall-8u25.exe
2015-01-03 02:13 - 2015-01-03 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-03 02:12 - 2015-01-16 20:12 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-03 02:11 - 2015-01-03 02:11 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (7).exe
2015-01-03 02:02 - 2015-01-03 02:02 - 00003466 _____ () C:\Windows\system32\.crusader
2015-01-03 01:46 - 2015-01-03 02:06 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-03 01:45 - 2015-01-03 01:45 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 01:44 - 2015-01-03 02:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-03 01:44 - 2015-01-03 01:44 - 11222744 _____ (SurfRight B.V.) C:\Users\Lea\Downloads\HitmanPro_x64.exe
2015-01-03 01:02 - 2015-01-03 01:02 - 00000247 _____ () C:\Windows\system32\2015-01-03-01-02-14.091-aswFe.exe-5524.log
2015-01-03 01:00 - 2015-01-03 01:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-00-29.055-AvastVBoxSVC.exe-6400.log
2015-01-03 00:47 - 2015-01-22 00:45 - 00000000 ____D () C:\AdwCleaner
2015-01-03 00:47 - 2015-01-03 00:47 - 00000247 _____ () C:\Windows\system32\2015-01-03-00-47-54.062-aswFe.exe-4452.log
2015-01-03 00:47 - 2015-01-03 00:47 - 00000197 _____ () C:\Windows\system32\2015-01-03-00-47-10.086-AvastVBoxSVC.exe-3912.log
2015-01-02 23:50 - 2015-01-02 23:50 - 00000247 _____ () C:\Windows\system32\2015-01-02-23-50-19.032-aswFe.exe-6384.log
2015-01-02 23:49 - 2015-01-02 23:50 - 00000197 _____ () C:\Windows\system32\2015-01-02-23-49-56.013-AvastVBoxSVC.exe-2016.log
2015-01-02 16:12 - 2015-01-02 16:12 - 00000197 _____ () C:\Windows\system32\2015-01-02-16-12-14.014-AvastVBoxSVC.exe-3696.log
2015-01-01 20:50 - 2015-01-01 20:50 - 00000197 _____ () C:\Windows\system32\2015-01-01-20-50-06.010-AvastVBoxSVC.exe-3132.log
2015-01-01 01:23 - 2015-01-01 01:24 - 00000197 _____ () C:\Windows\system32\2015-01-01-01-23-42.070-AvastVBoxSVC.exe-4120.log
2014-12-31 14:19 - 2014-12-31 14:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-19-37.047-AvastVBoxSVC.exe-3712.log
2014-12-31 13:54 - 2015-01-02 17:11 - 00000415 _____ () C:\Users\Lea\Downloads\ckfiles.txt
2014-12-31 13:48 - 2014-12-31 13:48 - 00468480 _____ () C:\Users\Lea\Downloads\CKScanner.exe
2014-12-31 13:44 - 2014-12-31 13:44 - 00000197 _____ () C:\Windows\system32\2014-12-31-13-44-29.034-AvastVBoxSVC.exe-3236.log
2014-12-30 22:07 - 2014-12-30 22:07 - 02123264 _____ (Farbar) C:\Users\Lea\Downloads\FRST64 (1).exe
2014-12-30 20:54 - 2014-12-30 20:54 - 00110166 _____ () C:\Users\Lea\Documents\OTL.Txt
2014-12-30 20:40 - 2014-12-30 20:40 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (2).exe
2014-12-30 20:35 - 2014-12-30 20:35 - 00108978 _____ () C:\Users\Lea\Downloads\Extras.Txt
2014-12-30 20:32 - 2014-12-30 20:53 - 00110166 _____ () C:\Users\Lea\Downloads\OTL.Txt
2014-12-30 20:17 - 2014-12-30 20:17 - 00651776 _____ () C:\Users\Lea\Downloads\MicrosoftFixit50228.msi
2014-12-30 20:11 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (1).exe
2014-12-30 20:10 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Desktop\OTL.exe
2014-12-30 16:58 - 2014-12-30 16:58 - 00000197 _____ () C:\Windows\system32\2014-12-30-16-58-12.008-AvastVBoxSVC.exe-3512.log
2014-12-29 20:56 - 2014-12-29 20:56 - 00048165 _____ () C:\Users\Lea\Documents\FRST.txt
2014-12-29 20:55 - 2014-12-29 20:55 - 00038357 _____ () C:\Users\Lea\Documents\Addition.txt
2014-12-29 20:48 - 2014-12-29 20:48 - 00004588 _____ () C:\Users\Lea\Documents\mb.txt
2014-12-29 20:43 - 2014-12-30 22:14 - 00039824 _____ () C:\Users\Lea\Downloads\Addition.txt
2014-12-29 20:41 - 2015-01-22 20:50 - 00000000 ____D () C:\FRST
2014-12-29 20:41 - 2014-12-30 22:14 - 00048617 _____ () C:\Users\Lea\Downloads\FRST.txt
2014-12-29 20:40 - 2015-01-20 22:41 - 02126848 _____ (Farbar) C:\Users\Lea\Desktop\FRST64.exe
2014-12-29 16:27 - 2014-12-29 16:28 - 00000197 _____ () C:\Windows\system32\2014-12-29-16-27-59.079-AvastVBoxSVC.exe-2548.log
2014-12-29 11:28 - 2014-12-29 11:28 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-12-29 11:27 - 2014-12-29 11:27 - 00753184 _____ () C:\Users\Lea\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-12-29 11:09 - 2014-12-29 11:09 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-09-02.021-AvastVBoxSVC.exe-3984.log
2014-12-29 01:34 - 2014-12-29 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-34-44.086-AvastVBoxSVC.exe-3768.log
2014-12-28 18:16 - 2014-12-28 18:17 - 00000197 _____ () C:\Windows\system32\2014-12-28-18-16-55.099-AvastVBoxSVC.exe-4388.log
2014-12-27 00:40 - 2014-12-27 00:40 - 00001197 _____ () C:\Users\Lea\po.txt
2014-12-27 00:07 - 2014-12-27 00:07 - 00003268 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-826546569-3919575575-2117434215-1000
2014-12-26 21:06 - 2014-12-26 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-26-21-06-01.047-AvastVBoxSVC.exe-4504.log
2014-12-23 23:33 - 2014-12-23 23:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 23:31 - 2014-12-23 23:31 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-31-20.058-AvastVBoxSVC.exe-4472.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 20:47 - 2012-11-17 00:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 20:47 - 2012-07-23 18:37 - 00000000 ____D () C:\ProgramData\Advent
2015-01-22 20:47 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 20:46 - 2011-12-05 11:15 - 01759071 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 20:44 - 2012-11-17 00:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 20:43 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:43 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:41 - 2012-04-15 11:34 - 00000000 ____D () C:\Users\Lea\AppData\Local\CrashDumps
2015-01-22 00:57 - 2012-08-07 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 00:11 - 2013-08-06 01:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job
2015-01-21 23:36 - 2014-05-13 11:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 21:11 - 2013-08-06 01:02 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job
2015-01-21 18:36 - 2011-02-15 00:54 - 00000000 ____D () C:\Windows\Panther
2015-01-21 17:22 - 2014-05-01 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-21 17:20 - 2012-04-10 15:39 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\SoftGrid Client
2015-01-21 17:01 - 2014-10-09 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 11:53 - 2014-08-06 21:25 - 00023703 _____ () C:\Windows\BRRBCOM.INI
2015-01-19 16:33 - 2012-04-10 13:36 - 00067008 _____ () C:\Users\Lea\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 22:57 - 2012-08-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 22:57 - 2012-08-07 15:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 22:57 - 2011-10-21 01:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 22:55 - 2013-07-13 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:34 - 2012-04-10 20:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 18:42 - 2011-10-21 01:41 - 00000000 ____D () C:\Windows\pl
2015-01-06 04:36 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 21:06 - 2013-08-06 01:02 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA
2015-01-04 21:06 - 2013-08-06 01:02 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core
2015-01-04 13:57 - 2014-11-12 19:33 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-01-04 01:19 - 2012-04-10 13:36 - 00000000 ____D () C:\Users\Lea
2015-01-03 13:29 - 2013-04-12 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-03 00:44 - 2011-10-21 01:40 - 00000000 ____D () C:\Windows\fr
2014-12-31 14:21 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 14:01 - 2012-04-10 15:35 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\uTorrent
2014-12-29 18:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-29 14:45 - 2011-10-21 01:42 - 00000000 ____D () C:\Windows\ca
2014-12-28 22:16 - 2014-12-13 00:39 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-28 19:04 - 2014-11-28 20:17 - 00032689 _____ () C:\Users\Lea\Downloads\software_removal_tool.log
 
==================== Files in the root of some directories =======
2014-11-15 19:43 - 2014-11-24 23:23 - 0000004 _____ () C:\Users\Lea\AppData\Roaming\appdataFr2.bin
2012-04-11 20:55 - 2011-01-04 08:26 - 0076407 _____ () C:\Users\Lea\AppData\Roaming\Smiley.ico
2014-05-02 12:39 - 2014-05-02 12:39 - 0000044 _____ () C:\Users\Lea\AppData\Roaming\WB.CFG
2012-10-29 01:25 - 2012-10-29 01:25 - 0003713 _____ () C:\Users\Lea\AppData\Local\HWVendorDetection.log
2011-12-05 11:24 - 2011-12-05 11:26 - 0015123 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-20 23:36
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lea (administrator) on LEA-PC on 22-01-2015 20:49:55
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DSGi) C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2642728 2011-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [ADAiO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe [2779136 2010-12-09] (DSGi)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1357648 2014-12-08] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-12-04] (BullGuard Ltd.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ADAiO2StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Run: [Google Update] => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-06] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-826546569-3919575575-2117434215-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgasto...om/HomeVend.cab
DPF: HKLM-x32 {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronener...yBoxControl.cab
DPF: HKLM-x32 {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://bg.itronener...yboxControl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E731E39E-A891-4959-9E6D-1DC0D10BAA43}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @talk.google.com/O1DPlugin -> C:\Users\Lea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-826546569-3919575575-2117434215-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]
 
Chrome: 
=======
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-03]
CHR Extension: (YouTube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (Google Search) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]
CHR Extension: (Google Sheets) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advent AIO Network Discovery Service; C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [361904 2011-10-14] (DSGi)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [778576 2014-12-11] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [601424 2014-12-17] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-12-08] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [428368 2014-12-04] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2014-12-08] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [758608 2014-12-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [549200 2014-12-08] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-12-04] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384336 2014-12-08] (BullGuard Ltd.)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-10-28] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-10-28] (Agnitum Ltd.)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2013-12-13] (Google Inc)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-10-28] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-10-28] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-10-28] (BullGuard Ltd.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-10] (Qualcomm Atheros)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-03] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-28] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-28] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-10-28] (BitDefender S.R.L.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 20:49 - 2015-01-22 20:51 - 00023298 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-22 20:49 - 2015-01-22 20:49 - 00000640 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-01-22 20:47 - 2015-01-22 20:48 - 00000000 ____D () C:\ProgramData\Optimizer
2015-01-22 20:42 - 2015-01-22 20:42 - 00000237 _____ () C:\Users\Lea\Documents\fixlist.txt
2015-01-22 20:40 - 2015-01-22 20:40 - 00000237 _____ () C:\Users\Lea\Downloads\fixlist (1).txt
2015-01-22 01:10 - 2015-01-22 01:10 - 00001376 _____ () C:\Windows\IE11_main.log
2015-01-22 01:02 - 2015-01-22 01:02 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\Lea\Downloads\tdsskiller.exe
2015-01-22 00:43 - 2015-01-22 00:43 - 02186752 _____ () C:\Users\Lea\Downloads\adwcleaner_4.108.exe
2015-01-22 00:42 - 2015-01-22 00:42 - 00000071 _____ () C:\Users\Lea\Desktop\suspect.txt
2015-01-22 00:32 - 2015-01-22 20:47 - 00000224 _____ () C:\Windows\setupact.log
2015-01-22 00:32 - 2015-01-22 00:46 - 00002094 _____ () C:\Windows\PFRO.log
2015-01-22 00:32 - 2015-01-22 00:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-22 00:26 - 2015-01-22 00:26 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Lea\Downloads\rkill.com
2015-01-22 00:24 - 2015-01-22 00:24 - 00001984 _____ () C:\Users\Lea\Desktop\mal.txt
2015-01-21 17:22 - 2015-01-22 20:47 - 00000356 _____ () C:\Windows\system32\config\afw_hm.conf
2015-01-21 17:22 - 2015-01-22 20:47 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2015-01-21 17:09 - 2015-01-21 17:09 - 00000164 _____ () C:\Users\Lea\Desktop\BullGuard Online Drive.lnk
2015-01-21 17:04 - 2015-01-21 18:30 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\BullGuard
2015-01-21 17:04 - 2015-01-21 17:04 - 00000954 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2015-01-21 17:04 - 2015-01-21 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-01-21 17:02 - 2015-01-21 17:02 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2015-01-21 17:02 - 2015-01-21 17:02 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2015-01-21 16:59 - 2015-01-21 16:59 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\QuickScan
2015-01-21 16:58 - 2015-01-22 20:51 - 00000000 ____D () C:\ProgramData\BullGuard
2015-01-21 16:57 - 2015-01-21 16:57 - 00325440 _____ () C:\Users\Lea\Downloads\BullGuardDownloader_uksem60.exe
2015-01-21 12:38 - 2015-01-21 12:39 - 00000197 _____ () C:\Windows\system32\2015-01-21-12-38-56.090-AvastVBoxSVC.exe-1312.log
2015-01-20 20:02 - 2015-01-20 20:02 - 00091088 _____ () C:\Users\Lea\Downloads\Cleaner_January_2015.zip
2015-01-20 19:40 - 2015-01-20 19:40 - 00000197 _____ () C:\Windows\system32\2015-01-20-19-40-11.074-AvastVBoxSVC.exe-3672.log
2015-01-20 11:49 - 2015-01-20 11:49 - 00000197 _____ () C:\Windows\system32\2015-01-20-11-49-11.049-AvastVBoxSVC.exe-3756.log
2015-01-19 23:03 - 2015-01-19 23:04 - 00000197 _____ () C:\Windows\system32\2015-01-19-23-03-39.070-AvastVBoxSVC.exe-3480.log
2015-01-19 16:33 - 2015-01-19 16:33 - 00000197 _____ () C:\Windows\system32\2015-01-19-16-33-04.066-AvastVBoxSVC.exe-3384.log
2015-01-18 20:11 - 2015-01-18 20:11 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-11-25.018-AvastVBoxSVC.exe-3948.log
2015-01-17 21:24 - 2015-01-17 21:24 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-24-36.052-AvastVBoxSVC.exe-3664.log
2015-01-17 20:19 - 2015-01-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-19-25.097-AvastVBoxSVC.exe-3432.log
2015-01-17 20:06 - 2015-01-17 20:06 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-06-18.019-AvastVBoxSVC.exe-3748.log
2015-01-16 23:15 - 2015-01-16 23:15 - 00852504 _____ () C:\Users\Lea\Downloads\SecurityCheck.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 02347384 _____ (ESET) C:\Users\Lea\Downloads\esetsmartinstaller_enu.exe
2015-01-16 20:15 - 2015-01-16 20:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 19:08 - 2015-01-16 19:08 - 00000197 _____ () C:\Windows\system32\2015-01-16-19-08-02.013-AvastVBoxSVC.exe-3400.log
2015-01-16 16:56 - 2015-01-16 16:56 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-56-53.083-AvastVBoxSVC.exe-3548.log
2015-01-15 21:59 - 2015-01-15 21:59 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-59-07.040-AvastVBoxSVC.exe-3816.log
2015-01-15 21:41 - 2015-01-15 21:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 21:39 - 2015-01-15 21:39 - 01707939 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2015-01-15 21:36 - 2015-01-15 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-15-21-36-15.032-AvastVBoxSVC.exe-3524.log
2015-01-15 20:25 - 2015-01-15 20:25 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-25-13.041-AvastVBoxSVC.exe-3608.log
2015-01-14 22:29 - 2015-01-14 22:29 - 00000197 _____ () C:\Windows\system32\2015-01-14-22-29-40.079-AvastVBoxSVC.exe-3460.log
2015-01-14 00:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:19 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:19 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:19 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:19 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:19 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:19 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:19 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 00:07 - 2015-01-14 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-00-07-35.034-AvastVBoxSVC.exe-3536.log
2015-01-13 00:07 - 2015-01-13 00:07 - 00000197 _____ () C:\Windows\system32\2015-01-13-00-07-20.079-AvastVBoxSVC.exe-3204.log
2015-01-12 20:13 - 2015-01-12 20:14 - 00000197 _____ () C:\Windows\system32\2015-01-12-20-13-41.026-AvastVBoxSVC.exe-3748.log
2015-01-11 23:13 - 2015-01-11 23:15 - 00000000 ____D () C:\Users\Lea\Desktop\MATHS
2015-01-11 22:18 - 2015-01-11 22:18 - 00087552 _____ () C:\Users\Lea\Downloads\MOLE Lesson 2 Factors and Multiples.pptx
2015-01-11 22:10 - 2015-01-11 22:10 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup.exe
2015-01-11 22:01 - 2015-01-11 22:01 - 00000197 _____ () C:\Windows\system32\2015-01-11-22-01-45.062-AvastVBoxSVC.exe-3508.log
2015-01-11 16:35 - 2015-01-11 16:35 - 00000197 _____ () C:\Windows\system32\2015-01-11-16-35-20.068-AvastVBoxSVC.exe-3764.log
2015-01-10 13:11 - 2015-01-10 13:12 - 00000197 _____ () C:\Windows\system32\2015-01-10-13-11-55.049-AvastVBoxSVC.exe-3248.log
2015-01-09 21:41 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-41-47.019-aswFe.exe-6996.log
2015-01-09 21:35 - 2015-01-09 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-09-21-35-04.007-aswFe.exe-852.log
2015-01-09 21:34 - 2015-01-09 21:35 - 00000197 _____ () C:\Windows\system32\2015-01-09-21-34-55.065-AvastVBoxSVC.exe-3728.log
2015-01-09 16:49 - 2015-01-09 16:49 - 00000197 _____ () C:\Windows\system32\2015-01-09-16-49-43.013-AvastVBoxSVC.exe-4176.log
2015-01-09 00:11 - 2015-01-09 00:11 - 00421431 _____ () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi.html
2015-01-09 00:11 - 2015-01-09 00:11 - 00000000 ____D () C:\Users\Lea\Downloads\Raimon Bundó Wedding Dresses 2011   Wedding Inspirasi_files
2015-01-08 18:44 - 2015-01-08 18:44 - 00000197 _____ () C:\Windows\system32\2015-01-08-18-44-52.064-AvastVBoxSVC.exe-3692.log
2015-01-08 14:26 - 2015-01-08 14:26 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-26-00.057-AvastVBoxSVC.exe-3588.log
2015-01-06 19:51 - 2015-01-06 19:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-51-05.043-AvastVBoxSVC.exe-4052.log
2015-01-06 19:05 - 2015-01-06 19:06 - 00000197 _____ () C:\Windows\system32\2015-01-06-19-05-41.058-AvastVBoxSVC.exe-4068.log
2015-01-06 16:40 - 2015-01-06 16:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-16-40-12.035-AvastVBoxSVC.exe-4012.log
2015-01-05 22:51 - 2015-01-05 22:52 - 00000197 _____ () C:\Windows\system32\2015-01-05-22-51-31.051-AvastVBoxSVC.exe-3912.log
2015-01-04 21:14 - 2015-01-04 21:14 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-14-40.016-AvastVBoxSVC.exe-3936.log
2015-01-04 21:07 - 2015-01-04 21:07 - 02173952 _____ () C:\Users\Lea\Downloads\AdwCleaner (1).exe
2015-01-04 21:05 - 2015-01-04 21:06 - 00000197 _____ () C:\Windows\system32\2015-01-04-21-05-54.018-AvastVBoxSVC.exe-6704.log
2015-01-04 20:56 - 2015-01-20 22:41 - 00000000 ____D () C:\Users\Lea\Desktop\FRST-OlderVersion
2015-01-04 20:53 - 2015-01-04 20:54 - 00006062 _____ () C:\Users\Lea\Downloads\fixlist.txt
2015-01-04 14:00 - 2015-01-04 14:00 - 00000197 _____ () C:\Windows\system32\2015-01-04-14-00-02.055-AvastVBoxSVC.exe-4036.log
2015-01-04 13:57 - 2015-01-04 13:57 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2015-01-04 01:19 - 2015-01-04 01:19 - 00000533 _____ () C:\Users\Lea\NY - Res.txt
2015-01-04 01:02 - 2015-01-04 01:02 - 00000197 _____ () C:\Windows\system32\2015-01-04-01-02-37.044-AvastVBoxSVC.exe-3576.log
2015-01-03 16:59 - 2015-01-03 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-16-59-56.039-AvastVBoxSVC.exe-3600.log
2015-01-03 14:57 - 2015-01-03 14:57 - 00000197 _____ () C:\Windows\system32\2015-01-03-14-57-42.064-AvastVBoxSVC.exe-3696.log
2015-01-03 13:31 - 2015-01-03 13:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-03 13:30 - 2015-01-03 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-03 13:27 - 2015-01-03 13:27 - 00638888 _____ (Oracle Corporation) C:\Users\Lea\Downloads\chromeinstall-8u25.exe
2015-01-03 02:13 - 2015-01-03 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-03 02:12 - 2015-01-16 20:12 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-03 02:11 - 2015-01-03 02:11 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (7).exe
2015-01-03 02:02 - 2015-01-03 02:02 - 00003466 _____ () C:\Windows\system32\.crusader
2015-01-03 01:46 - 2015-01-03 02:06 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-03 01:45 - 2015-01-03 01:45 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 01:44 - 2015-01-03 02:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-03 01:44 - 2015-01-03 01:44 - 11222744 _____ (SurfRight B.V.) C:\Users\Lea\Downloads\HitmanPro_x64.exe
2015-01-03 01:02 - 2015-01-03 01:02 - 00000247 _____ () C:\Windows\system32\2015-01-03-01-02-14.091-aswFe.exe-5524.log
2015-01-03 01:00 - 2015-01-03 01:00 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-00-29.055-AvastVBoxSVC.exe-6400.log
2015-01-03 00:47 - 2015-01-22 00:45 - 00000000 ____D () C:\AdwCleaner
2015-01-03 00:47 - 2015-01-03 00:47 - 00000247 _____ () C:\Windows\system32\2015-01-03-00-47-54.062-aswFe.exe-4452.log
2015-01-03 00:47 - 2015-01-03 00:47 - 00000197 _____ () C:\Windows\system32\2015-01-03-00-47-10.086-AvastVBoxSVC.exe-3912.log
2015-01-02 23:50 - 2015-01-02 23:50 - 00000247 _____ () C:\Windows\system32\2015-01-02-23-50-19.032-aswFe.exe-6384.log
2015-01-02 23:49 - 2015-01-02 23:50 - 00000197 _____ () C:\Windows\system32\2015-01-02-23-49-56.013-AvastVBoxSVC.exe-2016.log
2015-01-02 16:12 - 2015-01-02 16:12 - 00000197 _____ () C:\Windows\system32\2015-01-02-16-12-14.014-AvastVBoxSVC.exe-3696.log
2015-01-01 20:50 - 2015-01-01 20:50 - 00000197 _____ () C:\Windows\system32\2015-01-01-20-50-06.010-AvastVBoxSVC.exe-3132.log
2015-01-01 01:23 - 2015-01-01 01:24 - 00000197 _____ () C:\Windows\system32\2015-01-01-01-23-42.070-AvastVBoxSVC.exe-4120.log
2014-12-31 14:19 - 2014-12-31 14:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-19-37.047-AvastVBoxSVC.exe-3712.log
2014-12-31 13:54 - 2015-01-02 17:11 - 00000415 _____ () C:\Users\Lea\Downloads\ckfiles.txt
2014-12-31 13:48 - 2014-12-31 13:48 - 00468480 _____ () C:\Users\Lea\Downloads\CKScanner.exe
2014-12-31 13:44 - 2014-12-31 13:44 - 00000197 _____ () C:\Windows\system32\2014-12-31-13-44-29.034-AvastVBoxSVC.exe-3236.log
2014-12-30 22:07 - 2014-12-30 22:07 - 02123264 _____ (Farbar) C:\Users\Lea\Downloads\FRST64 (1).exe
2014-12-30 20:54 - 2014-12-30 20:54 - 00110166 _____ () C:\Users\Lea\Documents\OTL.Txt
2014-12-30 20:40 - 2014-12-30 20:40 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (2).exe
2014-12-30 20:35 - 2014-12-30 20:35 - 00108978 _____ () C:\Users\Lea\Downloads\Extras.Txt
2014-12-30 20:32 - 2014-12-30 20:53 - 00110166 _____ () C:\Users\Lea\Downloads\OTL.Txt
2014-12-30 20:17 - 2014-12-30 20:17 - 00651776 _____ () C:\Users\Lea\Downloads\MicrosoftFixit50228.msi
2014-12-30 20:11 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Downloads\OTL (1).exe
2014-12-30 20:10 - 2014-12-30 20:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lea\Desktop\OTL.exe
2014-12-30 16:58 - 2014-12-30 16:58 - 00000197 _____ () C:\Windows\system32\2014-12-30-16-58-12.008-AvastVBoxSVC.exe-3512.log
2014-12-29 20:56 - 2014-12-29 20:56 - 00048165 _____ () C:\Users\Lea\Documents\FRST.txt
2014-12-29 20:55 - 2014-12-29 20:55 - 00038357 _____ () C:\Users\Lea\Documents\Addition.txt
2014-12-29 20:48 - 2014-12-29 20:48 - 00004588 _____ () C:\Users\Lea\Documents\mb.txt
2014-12-29 20:43 - 2014-12-30 22:14 - 00039824 _____ () C:\Users\Lea\Downloads\Addition.txt
2014-12-29 20:41 - 2015-01-22 20:50 - 00000000 ____D () C:\FRST
2014-12-29 20:41 - 2014-12-30 22:14 - 00048617 _____ () C:\Users\Lea\Downloads\FRST.txt
2014-12-29 20:40 - 2015-01-20 22:41 - 02126848 _____ (Farbar) C:\Users\Lea\Desktop\FRST64.exe
2014-12-29 16:27 - 2014-12-29 16:28 - 00000197 _____ () C:\Windows\system32\2014-12-29-16-27-59.079-AvastVBoxSVC.exe-2548.log
2014-12-29 11:28 - 2014-12-29 11:28 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-12-29 11:27 - 2014-12-29 11:27 - 00753184 _____ () C:\Users\Lea\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-12-29 11:09 - 2014-12-29 11:09 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-09-02.021-AvastVBoxSVC.exe-3984.log
2014-12-29 01:34 - 2014-12-29 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-34-44.086-AvastVBoxSVC.exe-3768.log
2014-12-28 18:16 - 2014-12-28 18:17 - 00000197 _____ () C:\Windows\system32\2014-12-28-18-16-55.099-AvastVBoxSVC.exe-4388.log
2014-12-27 00:40 - 2014-12-27 00:40 - 00001197 _____ () C:\Users\Lea\po.txt
2014-12-27 00:07 - 2014-12-27 00:07 - 00003268 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-826546569-3919575575-2117434215-1000
2014-12-26 21:06 - 2014-12-26 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-26-21-06-01.047-AvastVBoxSVC.exe-4504.log
2014-12-23 23:33 - 2014-12-23 23:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 23:31 - 2014-12-23 23:31 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-31-20.058-AvastVBoxSVC.exe-4472.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 20:47 - 2012-11-17 00:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 20:47 - 2012-07-23 18:37 - 00000000 ____D () C:\ProgramData\Advent
2015-01-22 20:47 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 20:46 - 2011-12-05 11:15 - 01759071 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 20:44 - 2012-11-17 00:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 20:43 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:43 - 2009-07-14 04:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:41 - 2012-04-15 11:34 - 00000000 ____D () C:\Users\Lea\AppData\Local\CrashDumps
2015-01-22 00:57 - 2012-08-07 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 00:11 - 2013-08-06 01:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job
2015-01-21 23:36 - 2014-05-13 11:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 21:11 - 2013-08-06 01:02 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job
2015-01-21 18:36 - 2011-02-15 00:54 - 00000000 ____D () C:\Windows\Panther
2015-01-21 17:22 - 2014-05-01 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-21 17:20 - 2012-04-10 15:39 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\SoftGrid Client
2015-01-21 17:01 - 2014-10-09 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 11:53 - 2014-08-06 21:25 - 00023703 _____ () C:\Windows\BRRBCOM.INI
2015-01-19 16:33 - 2012-04-10 13:36 - 00067008 _____ () C:\Users\Lea\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 22:57 - 2012-08-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 22:57 - 2012-08-07 15:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 22:57 - 2011-10-21 01:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 22:55 - 2013-07-13 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:34 - 2012-04-10 20:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 18:42 - 2011-10-21 01:41 - 00000000 ____D () C:\Windows\pl
2015-01-06 04:36 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 21:06 - 2013-08-06 01:02 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA
2015-01-04 21:06 - 2013-08-06 01:02 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core
2015-01-04 13:57 - 2014-11-12 19:33 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-01-04 01:19 - 2012-04-10 13:36 - 00000000 ____D () C:\Users\Lea
2015-01-03 13:29 - 2013-04-12 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-03 00:44 - 2011-10-21 01:40 - 00000000 ____D () C:\Windows\fr
2014-12-31 14:21 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 14:01 - 2012-04-10 15:35 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\uTorrent
2014-12-29 18:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-29 14:45 - 2011-10-21 01:42 - 00000000 ____D () C:\Windows\ca
2014-12-28 22:16 - 2014-12-13 00:39 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-28 19:04 - 2014-11-28 20:17 - 00032689 _____ () C:\Users\Lea\Downloads\software_removal_tool.log
 
==================== Files in the root of some directories =======
2014-11-15 19:43 - 2014-11-24 23:23 - 0000004 _____ () C:\Users\Lea\AppData\Roaming\appdataFr2.bin
2012-04-11 20:55 - 2011-01-04 08:26 - 0076407 _____ () C:\Users\Lea\AppData\Roaming\Smiley.ico
2014-05-02 12:39 - 2014-05-02 12:39 - 0000044 _____ () C:\Users\Lea\AppData\Roaming\WB.CFG
2012-10-29 01:25 - 2012-10-29 01:25 - 0003713 _____ () C:\Users\Lea\AppData\Local\HWVendorDetection.log
2011-12-05 11:24 - 2011-12-05 11:26 - 0015123 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-20 23:36
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Lea at 2015-01-22 20:53:27
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Acer Deep Sleep Settings (HKLM-x32\...\{86F3E556-83B1-47E5-A36B-560A521B999B}) (Version: 1.00.3008 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
AdC4USelfUpdater (x32 Version: 1.00.0000 - Advent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ADVENT AIO Printer (HKLM-x32\...\{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}) (Version: 1.3.3.10 - Advent)
Advent AIO Printer (Version: 1.0.6.2 - DSGi) Hidden
Advent Essentials (x32 Version: 1.0.0.0 - DSGi) Hidden
aioscnnr (x32 Version: 1.0.6.0 - DSGi) Hidden
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Anki (HKLM-x32\...\Anki) (Version:  - )
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-J132W (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 15.0 - BullGuard Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Edificius (x32 Version: 6.00 - ACCA) Hidden
Edificius v.6.00g (HKLM-x32\...\{614F8F83-BB96-4000-8116-67D1BC132830}) (Version: 6.00g - EN - ACCA software S.p.A.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.0.6.3_WHQL (HKLM\...\Elantech) (Version: 10.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.6.3 (HKLM-x32\...\{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}) (Version: 4.6.3.8096 - Evernote Corp.)
FinePrint (HKLM\...\FinePrint) (Version: 8.15 - FinePrint Software, LLC)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{5C20A342-085D-4000-B69D-492F3BA4BF94}) (Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM-x32\...\{34BE2594-1D20-4A2E-97A0-B9E2837520AE}) (Version: 1.00.3004 - Acer Incorporated)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826546569-3919575575-2117434215-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lea\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
15-12-2014 22:38:49 Windows Update
16-12-2014 02:34:51 Windows Update
17-12-2014 19:34:08 Windows Update
17-12-2014 23:57:02 Windows Update
18-12-2014 01:57:40 Windows Update
20-12-2014 22:57:33 Windows Update
21-12-2014 00:01:06 Windows Update
21-12-2014 17:14:21 Windows Update
21-12-2014 17:22:25 avast! antivirus system restore point
21-12-2014 17:29:09 Device Driver Package Install: Avast Network Service
21-12-2014 22:34:28 Software Removal Tool
22-12-2014 01:51:39 Windows Update
23-12-2014 00:53:06 Windows Update
26-12-2014 21:09:52 Windows Update
27-12-2014 00:44:33 Windows Update
29-12-2014 00:36:59 Windows Update
29-12-2014 02:03:00 Windows Update
30-12-2014 01:40:10 Windows Update
30-12-2014 20:19:44 Windows Update
30-12-2014 20:22:01 Windows Update
30-12-2014 20:23:53 Windows Update
30-12-2014 20:28:25 Windows Update
31-12-2014 00:59:32 Windows Update
01-01-2015 20:53:26 Windows Update
02-01-2015 02:40:19 Windows Update
03-01-2015 02:01:03 Checkpoint by HitmanPro
03-01-2015 02:02:35 Checkpoint by HitmanPro
03-01-2015 12:57:51 Windows Update
03-01-2015 15:34:55 Windows Update
04-01-2015 00:31:05 Windows Update
04-01-2015 01:34:06 Windows Update
04-01-2015 20:57:13 Restore Point Created by FRST
04-01-2015 21:00:08 Restore Point Created by FRST
05-01-2015 03:00:19 Windows Update
05-01-2015 03:44:33 Windows Update
05-01-2015 23:14:25 Windows Update
06-01-2015 16:43:22 Windows Update
06-01-2015 17:47:03 Windows Update
06-01-2015 19:29:53 Windows Update
06-01-2015 20:15:19 Windows Update
09-01-2015 00:50:50 Windows Update
09-01-2015 16:52:19 avast! antivirus system restore point
10-01-2015 02:15:56 Windows Update
11-01-2015 01:13:23 Windows Update
12-01-2015 00:42:30 Windows Update
13-01-2015 00:33:33 Windows Update
14-01-2015 22:32:16 Windows Update
15-01-2015 00:08:40 Windows Update
15-01-2015 21:16:20 Windows Update
15-01-2015 22:59:12 Windows Update
17-01-2015 00:15:00 Windows Update
17-01-2015 20:11:20 Restore Point Created by FRST
17-01-2015 20:14:20 Restore Point Created by FRST
18-01-2015 01:36:06 Windows Update
19-01-2015 00:14:29 Windows Update
19-01-2015 22:42:45 Windows Update
20-01-2015 00:08:22 Windows Update
21-01-2015 01:29:28 Windows Update
21-01-2015 16:59:37 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
21-01-2015 17:03:07 Device Driver Package Install: Agnitum Network Service
21-01-2015 17:03:49 Device Driver Package Install: Agnitum Network adapters
21-01-2015 17:11:44 avast! antivirus system restore point
22-01-2015 01:09:18 Windows Update
22-01-2015 20:44:34 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-04 20:58 - 2015-01-04 21:00 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14743BBA-6DF3-44B0-BD30-F953C3F3BB53} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2A38BC47-9D38-46AE-98A6-6BD0D80185A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {37A2C7F1-1C6D-4CB9-BE8C-86B1C1172E68} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {50A37FFF-AC42-49D5-A56C-DA69DE940823} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5A87B349-189E-4059-A3E9-6C2F98530278} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {5F0D9F42-FB4F-41D5-BC3A-C541F2CFE462} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {77B3CD3C-0AC3-471C-BAFD-9F25CC5A1016} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {7F56EA38-A7FD-4707-98A6-9B5FB9453768} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {90FAACE9-D03B-46B3-B81C-D86A16112EEE} - System32\Tasks\{A83BC985-A76D-418A-930E-6A952A51D03D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {94D5CC3F-2B72-41A7-AA92-A787FAAB2A21} - System32\Tasks\avastBCLRestartS-1-5-21-826546569-3919575575-2117434215-1000 => Chrome.exe 
Task: {958E0E1C-859F-447D-A6F1-B243DD96B103} - System32\Tasks\{6DBB1977-06FA-4253-8C11-919DE8C52E34} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B742757A-7658-4E09-A51A-085CF0F7F4D3}\Setup.exe" -c  -runfromtemp -l0x0009 UNINSTALL Reg=BHmini13_C2 -removeonly
Task: {978D6381-14D2-43D5-9579-261789B2A134} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {A2DA72CC-38D6-46DF-9126-037C111AF2C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {BECFE957-BAD9-4282-B922-44244A72745B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DE3D9038-8E72-4F12-B737-0B2DCC601F6D} - System32\Tasks\Opera scheduled Autoupdate 1417994842 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {EC930452-109B-4A89-A433-5BB5A333B34F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {F701F532-F134-412D-87D0-327C5AB0805B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F971B0FA-775E-4D9B-9AE9-D0EF7EA4AE5E} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000Core.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826546569-3919575575-2117434215-1000UA.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-04 13:59 - 2014-12-04 13:59 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2014-12-04 14:35 - 2014-12-04 14:35 - 00021800 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-12-04 15:01 - 2014-12-04 15:01 - 00033712 _____ () c:\program files\bullguard ltd\bullguard\BgWsc.exe
2014-08-06 21:23 - 2005-04-22 04:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-12-04 14:34 - 2014-12-04 14:34 - 00028456 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BackupShellNamespaceRes.dll
2011-12-05 18:52 - 2011-08-09 15:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-12-04 14:35 - 2014-12-04 14:35 - 00279336 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2014-12-04 14:35 - 2014-12-04 14:35 - 00013096 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
2014-12-04 14:35 - 2014-12-04 14:35 - 00033064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2012-08-10 18:28 - 2012-08-10 18:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-08-06 21:22 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-826546569-3919575575-2117434215-500 - Administrator - Disabled)
Guest (S-1-5-21-826546569-3919575575-2117434215-501 - Limited - Enabled) => C:\Users\Guest.Lea-PC
HomeGroupUser$ (S-1-5-21-826546569-3919575575-2117434215-1002 - Limited - Enabled)
Lea (S-1-5-21-826546569-3919575575-2117434215-1000 - Administrator - Enabled) => C:\Users\Lea
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2015 08:47:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/22/2015 08:44:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {284ad6a1-a7bf-4961-a3ad-6e9381f72ab4}
 
Error: (01/22/2015 08:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x1bf0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (01/22/2015 08:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x1ae0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/22/2015 08:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x8f4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/22/2015 08:35:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/22/2015 01:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x674
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (01/22/2015 01:04:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0xb5c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (01/22/2015 01:03:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x1530
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (01/22/2015 00:56:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.22.dll, version: 1.0.0.22, time stamp: 0x522fb12c
Exception code: 0xc000041d
Fault offset: 0x0000000000008e77
Faulting process id: 0x4d0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
 
System errors:
=============
Error: (01/22/2015 08:48:44 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (01/22/2015 08:48:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/22/2015 08:47:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001
 
Error: (01/22/2015 08:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:45:56 on ‎22/‎01/‎2015 was unexpected.
 
Error: (01/22/2015 08:44:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/22/2015 08:44:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/22/2015 08:44:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/22/2015 08:44:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/22/2015 08:44:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/22/2015 08:44:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/22/2015 08:47:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/22/2015 08:44:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {284ad6a1-a7bf-4961-a3ad-6e9381f72ab4}
 
Error: (01/22/2015 08:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e771bf001d03683d63a7950C:\Windows\explorer.exeC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll4466db79-a277-11e4-b079-c1b065b3b050
 
Error: (01/22/2015 08:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e771ae001d03683c3e4c4d6C:\Windows\Explorer.EXEC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll0fec94f3-a277-11e4-b079-c1b065b3b050
 
Error: (01/22/2015 08:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e778f401d0368301edd9e7C:\Windows\Explorer.EXEC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dllfd47f558-a276-11e4-b079-c1b065b3b050
 
Error: (01/22/2015 08:35:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\athihvs.dll
 
Error: (01/22/2015 01:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e7767401d035df598d813dC:\Windows\explorer.exeC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dlld3569ff4-a1d2-11e4-ab86-f01a4ee7a955
 
Error: (01/22/2015 01:04:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e77b5c01d035df4adc7367C:\Windows\explorer.exeC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll91574510-a1d2-11e4-ab86-f01a4ee7a955
 
Error: (01/22/2015 01:03:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e77153001d035de4d8b52aaC:\Windows\explorer.exeC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll85137e62-a1d2-11e4-ab86-f01a4ee7a955
 
Error: (01/22/2015 00:56:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4DropboxExt64.22.dll1.0.0.22522fb12cc000041d0000000000008e774d001d035dda6869af8C:\Windows\explorer.exeC:\Users\Lea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll889afade-a1d1-11e4-ab86-f01a4ee7a955
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 58%
Total physical RAM: 3946.19 MB
Available physical RAM: 1651.8 MB
Total Pagefile: 7890.57 MB
Available Pagefile: 5562.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:282.85 GB) (Free:132.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4007CF80)
Partition 1: (Not Active) - (Size=15.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 18.6 GB) (Disk ID: 4007CFAE)
Partition 1: (Not Active) - (Size=18.6 GB) - (Type=84)
 
==================== End Of Log ============================


#25
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts

Did you actually try to delete that C:\ProgramData\Optimizer folder? Because I can see that it's still present on your system.

 

Also, do you still have these popups or redirects? You didn't answer my question about that.




#26
cookie88


    Member

  • Topic Starter
  • Member
  • 15 posts

Yes and it just comes back as soon as I restart my computer. 

 

I haven't today. But I haven't been on my computer much.



#27
cookie88


    Member

  • Topic Starter
  • Member
  • 15 posts

I got a pop-up today on my desktop asking me to install an update for BitTorrent, software I don't have.



#28
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, cookie88.

I've noticed that you tried to run some tools by yourself, like TDSSKiller or RKill. Please, refrain from doing that. I've already mentioned it in my first post to you:

Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.


If you've run TDSSKiller, please show its report to me. It should be located in the C:\ folder.

Please, do the following scans again:

Step #1
Junkware Removal Tool
  • Close any open windows
  • Disable your Antivirus program
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the p2tBmrU.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will open. If it doesn't, you can find the report in C:\AdwCleaner. The report will be saved as AdwCleaner[S3].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S3].txt log content
  • TDSSKiller log content, but only if you've run it earlier


#29
cookie88


    Member

  • Topic Starter
  • Member
  • 15 posts

Thank you for trying to help, but at this point I am going to format my computer. If that doesn't work I'll take it to the tech shop.

 

I ran the scans but they were blank. I think AdwCleaner removed a key or something. Hence running other programmes which also found nothing.

 

I feel like I'm just going round in circles. 

 

But thanks once again.



#30
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

I'm sorry we weren't able to resolve your issues. If we can help in the future please let us know.

