Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Unwanted ads and redirecting [Closed]

Ads redirecting

  • This topic is locked This topic is locked
20 replies to this topic

#1 jensaxel

jensaxel

    Authentic Member

  • Authentic Member
  • PipPip
  • 160 posts

Posted 09 December 2014 - 10:13 AM

Hi whatthetech

 

I have had great use of your forum before, so I return with a irritatng problem.

Since I followed a link on Facebook, I keep having windows opening to all kinds of sites, most of them

my web rating service grades perilous. So far I just ran my virus scan, and cleared the cache an history.

 

Below are my logfiles from Avast and Farbar:

 

Avast:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-03 14:27:16
-----------------------------
14:27:16.318    OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:16.318    Number of processors: 2 586 0x2A07
14:27:16.318    ComputerName: SHEANA-PC  UserName: Sheana
14:27:18.624    Initialize success
14:27:18.782    VM: initialized successfully
14:27:18.784    VM: Intel CPU virtualization not supported
14:42:48.550    AVAST engine defs: 14120300
14:54:22.626    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:22.626    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
14:54:22.806    Disk 0 MBR read successfully
14:54:22.806    Disk 0 MBR scan
14:54:22.926    Disk 0 Windows 7 default MBR code
14:54:22.926    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
14:54:22.936    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       286161 MB offset 52430848
14:54:22.956    Disk 0 default boot code
14:54:22.976    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       403641 MB offset 638488576
14:54:23.136    Disk 0 scanning C:\Windows\system32\drivers
14:54:36.311    Service scanning
14:55:25.196    Modules scanning
14:55:25.206    Disk 0 trace - called modules:
14:55:25.226    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:55:25.226    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c8f5e0]
14:55:25.236    3 CLASSPNP.SYS[fffff88001c9743f] -> nt!IofCallDriver -> [0xfffffa8004660800]
14:55:25.236    5 ACPI.sys[fffff88000f3d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472b050]
14:55:31.177    AVAST engine scan C:\Windows
14:55:44.851    AVAST engine scan C:\Windows\system32
14:59:49.125    AVAST engine scan C:\Windows\system32\drivers
15:00:01.869    AVAST engine scan C:\Users\Sheana
15:17:17.556    AVAST engine scan C:\ProgramData
15:20:46.225    Disk 0 statistics 3739932/0/0 @ 1,86 MB/s
15:20:46.235    Scan finished successfully
15:21:32.437    Disk 0 MBR has been saved successfully to "C:\Users\Sheana\Desktop\MBR.dat"
15:21:32.527    The log file has been saved successfully to "C:\Users\Sheana\Desktop\aswMBR.txt"

 

 

Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Sheana (administrator) on SHEANA-PC on 09-12-2014 16:54:18
Running from C:\Users\Sheana\Downloads
Loaded Profile: Sheana (Available profiles: Sheana & turist)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify] => C:\Users\Sheana\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify Web Helper] => C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Sheana\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852
FF Homepage: https://www.google.es/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\user.js
FF Extension: Web Security Fx - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\antiphising@foxy-foxi.com [2014-11-30]
FF Extension: Lavasoft Search Plugin - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-12]
FF Extension: WOT - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-10]
FF Extension: W-Foxxer - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{e1bab803-e6d4-4b10-ba4f-3a477d22209a} [2014-11-30]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:54 - 2014-12-09 16:55 - 00016454 _____ () C:\Users\Sheana\Downloads\FRST.txt
2014-12-09 16:53 - 2014-12-09 16:54 - 00000000 ____D () C:\FRST
2014-12-09 16:52 - 2014-12-09 16:52 - 02119680 _____ (Farbar) C:\Users\Sheana\Downloads\FRST64.exe
2014-12-03 14:26 - 2014-12-03 15:22 - 00000000 ____D () C:\Users\Sheana\Desktop\avast
2014-12-03 14:01 - 2014-12-03 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sheana\Downloads\HijackThis(1).exe
2014-11-30 21:04 - 2014-12-09 00:39 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\vlc
2014-11-30 21:00 - 2014-11-30 21:01 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Security Systems
2014-11-30 21:00 - 2014-11-30 21:00 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-30 20:56 - 2014-11-30 20:59 - 24743106 _____ () C:\Users\Sheana\Desktop\vlc-2-1-5-win32.exe
2014-11-30 20:55 - 2014-11-30 20:55 - 00371048 _____ () C:\Users\Sheana\Downloads\SoftonicDownloader_para_vlc-media-player.exe
2014-11-30 20:49 - 2014-11-30 20:49 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\WebTest
2014-11-30 19:10 - 2014-11-30 19:10 - 00000000 ____D () C:\Users\Sheana\Documents\ridaproperty-6a24c8
2014-11-30 18:48 - 2014-11-30 19:07 - 162222762 _____ () C:\Users\Sheana\Documents\ridaproperty-6a24c8.zip
2014-11-25 12:15 - 2014-11-26 17:44 - 00000000 ____D () C:\Users\Sheana\Desktop\Juan
2014-11-21 12:50 - 2014-11-21 12:50 - 00000294 _____ () C:\Users\Sheana\Downloads\local council taxes.pdf.URL
2014-11-21 12:31 - 2014-11-21 12:35 - 00000000 ____D () C:\Users\Sheana\Desktop\Scotts
2014-11-18 20:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 10:50 - 2014-11-15 10:50 - 00000000 __SHD () C:\Users\Sheana\AppData\Local\EmieBrowserModeList
2014-11-13 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:14 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:13 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:13 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:13 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:13 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:13 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 09:40 - 2014-11-11 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:45 - 2014-04-23 10:51 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Spotify
2014-12-09 16:42 - 2012-04-15 11:18 - 01128474 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 16:41 - 2013-08-19 12:45 - 00000000 ___RD () C:\Users\Sheana\Dropbox
2014-12-09 16:41 - 2013-05-31 09:18 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Dropbox
2014-12-09 16:40 - 2013-01-09 02:31 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-12-09 16:40 - 2012-12-25 23:41 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Skype
2014-12-09 16:40 - 2012-11-14 23:49 - 00000380 _____ () C:\Users\Sheana\AppData\Roaming\sp_data.sys
2014-12-09 16:39 - 2013-10-28 16:36 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-09 16:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 16:39 - 2009-07-14 05:51 - 00172941 _____ () C:\Windows\setupact.log
2014-12-09 16:35 - 2013-01-10 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 18:37 - 2014-03-06 09:40 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\SoftGrid Client
2014-12-06 19:01 - 2009-07-14 06:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-03 14:08 - 2013-01-09 00:46 - 00000000 ____D () C:\Users\Sheana\Downloads\backups
2014-12-03 14:02 - 2014-11-06 12:35 - 00009077 _____ () C:\Users\Sheana\Downloads\hijackthis.log
2014-12-03 13:55 - 2012-11-14 23:48 - 00000000 ___HD () C:\ASUS.DAT
2014-12-01 20:54 - 2012-11-14 23:48 - 00064024 _____ () C:\Users\Sheana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 22:33 - 2014-03-09 10:36 - 00015849 _____ () C:\Users\Sheana\Documents\Sheana work diary 2014.xlsx
2014-11-28 21:31 - 2013-01-10 15:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 21:31 - 2013-01-10 15:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 11:58 - 2014-10-11 13:10 - 00000000 ____D () C:\Users\Sheana\Desktop\New folder
2014-11-27 10:31 - 2013-01-10 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 17:43 - 2014-03-29 12:26 - 00000000 ____D () C:\Users\Sheana\AppData\Local\Windows Live
2014-11-25 23:08 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-25 23:03 - 2009-07-14 06:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 12:33 - 2014-04-07 19:31 - 00000000 ____D () C:\Users\Sheana\Desktop\Can Puig
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 08:20 - 2014-10-21 10:27 - 00000000 ____D () C:\Users\Sheana\Desktop\Art finca Arta
2014-11-16 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 09:58 - 2014-05-06 10:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 01:08 - 2013-08-16 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 01:02 - 2012-12-03 17:20 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 22:03 - 2013-08-19 12:45 - 00001025 _____ () C:\Users\Sheana\Desktop\Dropbox.lnk
2014-11-14 22:03 - 2013-05-31 11:43 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 19:25 - 2009-07-14 05:45 - 00294224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 17:46 - 2013-12-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Sheana\AppData\Local\Temp\056CCBF4.dll
C:\Users\Sheana\AppData\Local\Temp\07FD19F0.dll
C:\Users\Sheana\AppData\Local\Temp\24AD5182.dll
C:\Users\Sheana\AppData\Local\Temp\3229D439.dll
C:\Users\Sheana\AppData\Local\Temp\379C7640.dll
C:\Users\Sheana\AppData\Local\Temp\4557DA57.dll
C:\Users\Sheana\AppData\Local\Temp\4BFA9C0D.dll
C:\Users\Sheana\AppData\Local\Temp\4D028036.dll
C:\Users\Sheana\AppData\Local\Temp\4D0B44E5.dll
C:\Users\Sheana\AppData\Local\Temp\4D6283E7.dll
C:\Users\Sheana\AppData\Local\Temp\4F34842A.dll
C:\Users\Sheana\AppData\Local\Temp\4F91DED8.dll
C:\Users\Sheana\AppData\Local\Temp\4F948508.dll
C:\Users\Sheana\AppData\Local\Temp\4F9A34F8.dll
C:\Users\Sheana\AppData\Local\Temp\4F9BFA70.dll
C:\Users\Sheana\AppData\Local\Temp\4F9E5FE1.dll
C:\Users\Sheana\AppData\Local\Temp\52A3FC0F.dll
C:\Users\Sheana\AppData\Local\Temp\52AE4FAE.dll
C:\Users\Sheana\AppData\Local\Temp\57D38056.dll
C:\Users\Sheana\AppData\Local\Temp\5C43BB3E.dll
C:\Users\Sheana\AppData\Local\Temp\6030D9FC.dll
C:\Users\Sheana\AppData\Local\Temp\6115573C.dll
C:\Users\Sheana\AppData\Local\Temp\64493233.dll
C:\Users\Sheana\AppData\Local\Temp\644BC0EB.dll
C:\Users\Sheana\AppData\Local\Temp\69E821D9.dll
C:\Users\Sheana\AppData\Local\Temp\6ADC7DFB.dll
C:\Users\Sheana\AppData\Local\Temp\713B9A88.dll
C:\Users\Sheana\AppData\Local\Temp\714DF695.dll
C:\Users\Sheana\AppData\Local\Temp\714F95A5.dll
C:\Users\Sheana\AppData\Local\Temp\7F90DD4C.dll
C:\Users\Sheana\AppData\Local\Temp\978C5214.dll
C:\Users\Sheana\AppData\Local\Temp\9B8A28B8.dll
C:\Users\Sheana\AppData\Local\Temp\B4C50F27.dll
C:\Users\Sheana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnxsem.dll
C:\Users\Sheana\AppData\Local\Temp\E43C8AE9.dll
C:\Users\Sheana\AppData\Local\Temp\FF20E417.dll
C:\Users\Sheana\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-spain.exe
C:\Users\Sheana\AppData\Local\Temp\install_flashplayer12x32au_ltr5x64d_awc_aih.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sheana\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 18:32

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Sheana at 2014-12-09 16:55:50
Running from C:\Users\Sheana\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Sheana (administrator) on SHEANA-PC on 09-12-2014 16:54:18
Running from C:\Users\Sheana\Downloads
Loaded Profile: Sheana (Available profiles: Sheana & turist)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify] => C:\Users\Sheana\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify Web Helper] => C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Sheana\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852
FF Homepage: https://www.google.es/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\user.js
FF Extension: Web Security Fx - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\antiphising@foxy-foxi.com [2014-11-30]
FF Extension: Lavasoft Search Plugin - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-12]
FF Extension: WOT - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-10]
FF Extension: W-Foxxer - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{e1bab803-e6d4-4b10-ba4f-3a477d22209a} [2014-11-30]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:54 - 2014-12-09 16:55 - 00016454 _____ () C:\Users\Sheana\Downloads\FRST.txt
2014-12-09 16:53 - 2014-12-09 16:54 - 00000000 ____D () C:\FRST
2014-12-09 16:52 - 2014-12-09 16:52 - 02119680 _____ (Farbar) C:\Users\Sheana\Downloads\FRST64.exe
2014-12-03 14:26 - 2014-12-03 15:22 - 00000000 ____D () C:\Users\Sheana\Desktop\avast
2014-12-03 14:01 - 2014-12-03 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sheana\Downloads\HijackThis(1).exe
2014-11-30 21:04 - 2014-12-09 00:39 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\vlc
2014-11-30 21:00 - 2014-11-30 21:01 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Security Systems
2014-11-30 21:00 - 2014-11-30 21:00 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-30 20:56 - 2014-11-30 20:59 - 24743106 _____ () C:\Users\Sheana\Desktop\vlc-2-1-5-win32.exe
2014-11-30 20:55 - 2014-11-30 20:55 - 00371048 _____ () C:\Users\Sheana\Downloads\SoftonicDownloader_para_vlc-media-player.exe
2014-11-30 20:49 - 2014-11-30 20:49 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\WebTest
2014-11-30 19:10 - 2014-11-30 19:10 - 00000000 ____D () C:\Users\Sheana\Documents\ridaproperty-6a24c8
2014-11-30 18:48 - 2014-11-30 19:07 - 162222762 _____ () C:\Users\Sheana\Documents\ridaproperty-6a24c8.zip
2014-11-25 12:15 - 2014-11-26 17:44 - 00000000 ____D () C:\Users\Sheana\Desktop\Juan
2014-11-21 12:50 - 2014-11-21 12:50 - 00000294 _____ () C:\Users\Sheana\Downloads\local council taxes.pdf.URL
2014-11-21 12:31 - 2014-11-21 12:35 - 00000000 ____D () C:\Users\Sheana\Desktop\Scotts
2014-11-18 20:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 10:50 - 2014-11-15 10:50 - 00000000 __SHD () C:\Users\Sheana\AppData\Local\EmieBrowserModeList
2014-11-13 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:14 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:13 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:13 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:13 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:13 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:13 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 09:40 - 2014-11-11 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:45 - 2014-04-23 10:51 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Spotify
2014-12-09 16:42 - 2012-04-15 11:18 - 01128474 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 16:41 - 2013-08-19 12:45 - 00000000 ___RD () C:\Users\Sheana\Dropbox
2014-12-09 16:41 - 2013-05-31 09:18 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Dropbox
2014-12-09 16:40 - 2013-01-09 02:31 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-12-09 16:40 - 2012-12-25 23:41 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Skype
2014-12-09 16:40 - 2012-11-14 23:49 - 00000380 _____ () C:\Users\Sheana\AppData\Roaming\sp_data.sys
2014-12-09 16:39 - 2013-10-28 16:36 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-09 16:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 16:39 - 2009-07-14 05:51 - 00172941 _____ () C:\Windows\setupact.log
2014-12-09 16:35 - 2013-01-10 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 18:37 - 2014-03-06 09:40 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\SoftGrid Client
2014-12-06 19:01 - 2009-07-14 06:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-03 14:08 - 2013-01-09 00:46 - 00000000 ____D () C:\Users\Sheana\Downloads\backups
2014-12-03 14:02 - 2014-11-06 12:35 - 00009077 _____ () C:\Users\Sheana\Downloads\hijackthis.log
2014-12-03 13:55 - 2012-11-14 23:48 - 00000000 ___HD () C:\ASUS.DAT
2014-12-01 20:54 - 2012-11-14 23:48 - 00064024 _____ () C:\Users\Sheana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 22:33 - 2014-03-09 10:36 - 00015849 _____ () C:\Users\Sheana\Documents\Sheana work diary 2014.xlsx
2014-11-28 21:31 - 2013-01-10 15:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 21:31 - 2013-01-10 15:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 11:58 - 2014-10-11 13:10 - 00000000 ____D () C:\Users\Sheana\Desktop\New folder
2014-11-27 10:31 - 2013-01-10 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 17:43 - 2014-03-29 12:26 - 00000000 ____D () C:\Users\Sheana\AppData\Local\Windows Live
2014-11-25 23:08 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-25 23:03 - 2009-07-14 06:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 12:33 - 2014-04-07 19:31 - 00000000 ____D () C:\Users\Sheana\Desktop\Can Puig
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 08:20 - 2014-10-21 10:27 - 00000000 ____D () C:\Users\Sheana\Desktop\Art finca Arta
2014-11-16 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 09:58 - 2014-05-06 10:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 01:08 - 2013-08-16 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 01:02 - 2012-12-03 17:20 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 22:03 - 2013-08-19 12:45 - 00001025 _____ () C:\Users\Sheana\Desktop\Dropbox.lnk
2014-11-14 22:03 - 2013-05-31 11:43 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 19:25 - 2009-07-14 05:45 - 00294224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 17:46 - 2013-12-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Sheana\AppData\Local\Temp\056CCBF4.dll
C:\Users\Sheana\AppData\Local\Temp\07FD19F0.dll
C:\Users\Sheana\AppData\Local\Temp\24AD5182.dll
C:\Users\Sheana\AppData\Local\Temp\3229D439.dll
C:\Users\Sheana\AppData\Local\Temp\379C7640.dll
C:\Users\Sheana\AppData\Local\Temp\4557DA57.dll
C:\Users\Sheana\AppData\Local\Temp\4BFA9C0D.dll
C:\Users\Sheana\AppData\Local\Temp\4D028036.dll
C:\Users\Sheana\AppData\Local\Temp\4D0B44E5.dll
C:\Users\Sheana\AppData\Local\Temp\4D6283E7.dll
C:\Users\Sheana\AppData\Local\Temp\4F34842A.dll
C:\Users\Sheana\AppData\Local\Temp\4F91DED8.dll
C:\Users\Sheana\AppData\Local\Temp\4F948508.dll
C:\Users\Sheana\AppData\Local\Temp\4F9A34F8.dll
C:\Users\Sheana\AppData\Local\Temp\4F9BFA70.dll
C:\Users\Sheana\AppData\Local\Temp\4F9E5FE1.dll
C:\Users\Sheana\AppData\Local\Temp\52A3FC0F.dll
C:\Users\Sheana\AppData\Local\Temp\52AE4FAE.dll
C:\Users\Sheana\AppData\Local\Temp\57D38056.dll
C:\Users\Sheana\AppData\Local\Temp\5C43BB3E.dll
C:\Users\Sheana\AppData\Local\Temp\6030D9FC.dll
C:\Users\Sheana\AppData\Local\Temp\6115573C.dll
C:\Users\Sheana\AppData\Local\Temp\64493233.dll
C:\Users\Sheana\AppData\Local\Temp\644BC0EB.dll
C:\Users\Sheana\AppData\Local\Temp\69E821D9.dll
C:\Users\Sheana\AppData\Local\Temp\6ADC7DFB.dll
C:\Users\Sheana\AppData\Local\Temp\713B9A88.dll
C:\Users\Sheana\AppData\Local\Temp\714DF695.dll
C:\Users\Sheana\AppData\Local\Temp\714F95A5.dll
C:\Users\Sheana\AppData\Local\Temp\7F90DD4C.dll
C:\Users\Sheana\AppData\Local\Temp\978C5214.dll
C:\Users\Sheana\AppData\Local\Temp\9B8A28B8.dll
C:\Users\Sheana\AppData\Local\Temp\B4C50F27.dll
C:\Users\Sheana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnxsem.dll
C:\Users\Sheana\AppData\Local\Temp\E43C8AE9.dll
C:\Users\Sheana\AppData\Local\Temp\FF20E417.dll
C:\Users\Sheana\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-spain.exe
C:\Users\Sheana\AppData\Local\Temp\install_flashplayer12x32au_ltr5x64d_awc_aih.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sheana\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 18:32

==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Sheana (administrator) on SHEANA-PC on 09-12-2014 16:54:18
Running from C:\Users\Sheana\Downloads
Loaded Profile: Sheana (Available profiles: Sheana & turist)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify] => C:\Users\Sheana\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify Web Helper] => C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-21] (Spotify Ltd)
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-449824696-1012907402-3947539949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
SearchScopes: HKU\S-1-5-21-449824696-1012907402-3947539949-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yah...pe=foxysecurity
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Sheana\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852
FF Homepage: https://www.google.es/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\user.js
FF Extension: Web Security Fx - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\antiphising@foxy-foxi.com [2014-11-30]
FF Extension: Lavasoft Search Plugin - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-12]
FF Extension: WOT - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-10]
FF Extension: W-Foxxer - C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\eldxg9nf.default-1359108170852\Extensions\{e1bab803-e6d4-4b10-ba4f-3a477d22209a} [2014-11-30]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:54 - 2014-12-09 16:55 - 00016454 _____ () C:\Users\Sheana\Downloads\FRST.txt
2014-12-09 16:53 - 2014-12-09 16:54 - 00000000 ____D () C:\FRST
2014-12-09 16:52 - 2014-12-09 16:52 - 02119680 _____ (Farbar) C:\Users\Sheana\Downloads\FRST64.exe
2014-12-03 14:26 - 2014-12-03 15:22 - 00000000 ____D () C:\Users\Sheana\Desktop\avast
2014-12-03 14:01 - 2014-12-03 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sheana\Downloads\HijackThis(1).exe
2014-11-30 21:04 - 2014-12-09 00:39 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\vlc
2014-11-30 21:00 - 2014-11-30 21:01 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Security Systems
2014-11-30 21:00 - 2014-11-30 21:00 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-30 20:56 - 2014-11-30 20:59 - 24743106 _____ () C:\Users\Sheana\Desktop\vlc-2-1-5-win32.exe
2014-11-30 20:55 - 2014-11-30 20:55 - 00371048 _____ () C:\Users\Sheana\Downloads\SoftonicDownloader_para_vlc-media-player.exe
2014-11-30 20:49 - 2014-11-30 20:49 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\WebTest
2014-11-30 19:10 - 2014-11-30 19:10 - 00000000 ____D () C:\Users\Sheana\Documents\ridaproperty-6a24c8
2014-11-30 18:48 - 2014-11-30 19:07 - 162222762 _____ () C:\Users\Sheana\Documents\ridaproperty-6a24c8.zip
2014-11-25 12:15 - 2014-11-26 17:44 - 00000000 ____D () C:\Users\Sheana\Desktop\Juan
2014-11-21 12:50 - 2014-11-21 12:50 - 00000294 _____ () C:\Users\Sheana\Downloads\local council taxes.pdf.URL
2014-11-21 12:31 - 2014-11-21 12:35 - 00000000 ____D () C:\Users\Sheana\Desktop\Scotts
2014-11-18 20:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 10:50 - 2014-11-15 10:50 - 00000000 __SHD () C:\Users\Sheana\AppData\Local\EmieBrowserModeList
2014-11-13 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:14 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:14 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 18:14 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 18:14 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 18:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 18:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 18:13 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:13 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:13 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:13 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:13 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 09:40 - 2014-11-11 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:47 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 16:45 - 2014-04-23 10:51 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Spotify
2014-12-09 16:42 - 2012-04-15 11:18 - 01128474 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 16:41 - 2013-08-19 12:45 - 00000000 ___RD () C:\Users\Sheana\Dropbox
2014-12-09 16:41 - 2013-05-31 09:18 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Dropbox
2014-12-09 16:40 - 2013-01-09 02:31 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-12-09 16:40 - 2012-12-25 23:41 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Skype
2014-12-09 16:40 - 2012-11-14 23:49 - 00000380 _____ () C:\Users\Sheana\AppData\Roaming\sp_data.sys
2014-12-09 16:39 - 2013-10-28 16:36 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-09 16:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 16:39 - 2009-07-14 05:51 - 00172941 _____ () C:\Windows\setupact.log
2014-12-09 16:35 - 2013-01-10 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 18:37 - 2014-03-06 09:40 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\SoftGrid Client
2014-12-06 19:01 - 2009-07-14 06:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-03 14:08 - 2013-01-09 00:46 - 00000000 ____D () C:\Users\Sheana\Downloads\backups
2014-12-03 14:02 - 2014-11-06 12:35 - 00009077 _____ () C:\Users\Sheana\Downloads\hijackthis.log
2014-12-03 13:55 - 2012-11-14 23:48 - 00000000 ___HD () C:\ASUS.DAT
2014-12-01 20:54 - 2012-11-14 23:48 - 00064024 _____ () C:\Users\Sheana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 22:33 - 2014-03-09 10:36 - 00015849 _____ () C:\Users\Sheana\Documents\Sheana work diary 2014.xlsx
2014-11-28 21:31 - 2013-01-10 15:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 21:31 - 2013-01-10 15:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 11:58 - 2014-10-11 13:10 - 00000000 ____D () C:\Users\Sheana\Desktop\New folder
2014-11-27 10:31 - 2013-01-10 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 17:43 - 2014-03-29 12:26 - 00000000 ____D () C:\Users\Sheana\AppData\Local\Windows Live
2014-11-25 23:08 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-25 23:03 - 2009-07-14 06:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 12:33 - 2014-04-07 19:31 - 00000000 ____D () C:\Users\Sheana\Desktop\Can Puig
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 08:20 - 2014-10-21 10:27 - 00000000 ____D () C:\Users\Sheana\Desktop\Art finca Arta
2014-11-16 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 09:58 - 2014-05-06 10:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 01:08 - 2013-08-16 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 01:02 - 2012-12-03 17:20 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 22:03 - 2013-08-19 12:45 - 00001025 _____ () C:\Users\Sheana\Desktop\Dropbox.lnk
2014-11-14 22:03 - 2013-05-31 11:43 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 19:25 - 2009-07-14 05:45 - 00294224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 17:46 - 2013-12-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Sheana\AppData\Local\Temp\056CCBF4.dll
C:\Users\Sheana\AppData\Local\Temp\07FD19F0.dll
C:\Users\Sheana\AppData\Local\Temp\24AD5182.dll
C:\Users\Sheana\AppData\Local\Temp\3229D439.dll
C:\Users\Sheana\AppData\Local\Temp\379C7640.dll
C:\Users\Sheana\AppData\Local\Temp\4557DA57.dll
C:\Users\Sheana\AppData\Local\Temp\4BFA9C0D.dll
C:\Users\Sheana\AppData\Local\Temp\4D028036.dll
C:\Users\Sheana\AppData\Local\Temp\4D0B44E5.dll
C:\Users\Sheana\AppData\Local\Temp\4D6283E7.dll
C:\Users\Sheana\AppData\Local\Temp\4F34842A.dll
C:\Users\Sheana\AppData\Local\Temp\4F91DED8.dll
C:\Users\Sheana\AppData\Local\Temp\4F948508.dll
C:\Users\Sheana\AppData\Local\Temp\4F9A34F8.dll
C:\Users\Sheana\AppData\Local\Temp\4F9BFA70.dll
C:\Users\Sheana\AppData\Local\Temp\4F9E5FE1.dll
C:\Users\Sheana\AppData\Local\Temp\52A3FC0F.dll
C:\Users\Sheana\AppData\Local\Temp\52AE4FAE.dll
C:\Users\Sheana\AppData\Local\Temp\57D38056.dll
C:\Users\Sheana\AppData\Local\Temp\5C43BB3E.dll
C:\Users\Sheana\AppData\Local\Temp\6030D9FC.dll
C:\Users\Sheana\AppData\Local\Temp\6115573C.dll
C:\Users\Sheana\AppData\Local\Temp\64493233.dll
C:\Users\Sheana\AppData\Local\Temp\644BC0EB.dll
C:\Users\Sheana\AppData\Local\Temp\69E821D9.dll
C:\Users\Sheana\AppData\Local\Temp\6ADC7DFB.dll
C:\Users\Sheana\AppData\Local\Temp\713B9A88.dll
C:\Users\Sheana\AppData\Local\Temp\714DF695.dll
C:\Users\Sheana\AppData\Local\Temp\714F95A5.dll
C:\Users\Sheana\AppData\Local\Temp\7F90DD4C.dll
C:\Users\Sheana\AppData\Local\Temp\978C5214.dll
C:\Users\Sheana\AppData\Local\Temp\9B8A28B8.dll
C:\Users\Sheana\AppData\Local\Temp\B4C50F27.dll
C:\Users\Sheana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnxsem.dll
C:\Users\Sheana\AppData\Local\Temp\E43C8AE9.dll
C:\Users\Sheana\AppData\Local\Temp\FF20E417.dll
C:\Users\Sheana\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-spain.exe
C:\Users\Sheana\AppData\Local\Temp\install_flashplayer12x32au_ltr5x64d_awc_aih.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sheana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sheana\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 18:32

==================== End Of Log ============================
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version:  - Oberon Media)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDP Player (HKLM-x32\...\DDP Player) (Version:  - Sonoris Audio Engineering)
Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version:  - Oberon Media)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - ) <==== ATTENTION
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version:  - Oberon Media)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version:  - Oberon Media)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version:  - Oberon Media)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version:  - Oberon Media)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (x32 Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
???? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
???? ??? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????? Windows Live Mesh ActiveX ??? (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-11-2014 19:20:51 Windows Update
14-11-2014 21:02:54 Windows Update
15-11-2014 00:01:18 Windows Update
18-11-2014 19:39:12 Windows Update
18-11-2014 20:15:58 Windows Update
26-11-2014 09:30:25 Scheduled Checkpoint
26-11-2014 14:13:18 Windows Update
02-12-2014 08:03:54 Windows Update
06-12-2014 17:57:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-03-09 20:01 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11268383-50CA-4C61-869F-6549027A8BCA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {69FEA17A-0D13-41B6-8D87-E0EE8F5D6271} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {6EF43067-957C-4823-B94B-80F1EA46514B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B7DF7C94-1A87-44ED-B35D-3D73222C5A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: {D60CC4C2-5AF4-4F19-AB97-CC4C8330A4DA} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {EA7DC2F4-824F-4FAC-9CBE-5B21ABC9A55A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23] (ASUSTek Computer Inc.)
Task: {EDBBAF12-B588-4014-BE1E-E7677CCFD157} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

==================== Loaded Modules (whitelisted) =============

2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2013-10-28 16:40 - 2013-07-17 18:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-04-22 16:29 - 2014-07-10 09:58 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-04-22 16:29 - 2014-07-10 09:58 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-04-22 16:29 - 2014-07-10 09:58 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-04-22 16:29 - 2014-07-08 16:21 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-05 02:24 - 2011-05-05 13:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-04-23 10:54 - 2014-05-21 18:20 - 36966968 _____ () C:\Users\Sheana\AppData\Roaming\Spotify\Data\libcef.dll
2014-12-09 16:40 - 2014-12-09 16:40 - 00043008 _____ () c:\users\sheana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnxsem.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Sheana\AppData\Roaming\Dropbox\bin\libcef.dll
2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 17:57 - 2010-08-20 17:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 17:57 - 2010-08-20 17:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-11 09:40 - 2014-11-11 09:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-28 21:31 - 2014-11-28 21:31 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-449824696-1012907402-3947539949-500 - Administrator - Disabled)
Guest (S-1-5-21-449824696-1012907402-3947539949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-449824696-1012907402-3947539949-1002 - Limited - Enabled)
Sheana (S-1-5-21-449824696-1012907402-3947539949-1000 - Administrator - Enabled) => C:\Users\Sheana
turist (S-1-5-21-449824696-1012907402-3947539949-1003 - Limited - Enabled) => C:\Users\turist

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xf78
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/09/2014 04:44:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1370

Start Time: 01d013c6b1302df2

Termination Time: 20

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 4dbbcace-7fba-11e4-ab37-10bf480796fa

Error: (12/09/2014 04:39:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/09/2014 04:39:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:39:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/09/2014 04:39:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (12/09/2014 00:05:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/03/2014 03:26:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/03/2014 01:48:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2014 03:44:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/02/2014 03:05:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/01/2014 08:53:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/30/2014 11:26:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
%%1115

Error: (11/28/2014 02:06:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/26/2014 05:55:43 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/26/2014 05:54:46 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/09/2014 04:53:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425f7801d013c6e5fa9cdbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll52f428c3-7fba-11e4-ab37-10bf480796fa

Error: (12/09/2014 04:44:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.1.0.5423137001d013c6b1302df220C:\Program Files (x86)\Mozilla Firefox\firefox.exe4dbbcace-7fba-11e4-ab37-10bf480796fa

Error: (12/09/2014 04:39:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/09/2014 04:39:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/09/2014 04:39:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/09/2014 04:39:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat


CodeIntegrity Errors:
===================================
  Date: 2013-09-09 15:58:56.396
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atmfd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-09 15:58:56.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atmfd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-08 02:22:43.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-09 20:01:13.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-09 20:01:13.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 4000.13 MB
Available physical RAM: 1784.1 MB
Total Pagefile: 7998.43 MB
Available Pagefile: 5484.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:126.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:351.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Thank you very much

 

Jens
 


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 December 2014 - 05:12 PM

:welcome:

 

Lets do some basic cleanup and then see where we stand

 

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 10 December 2014 - 03:13 AM

    Hi Ken

     

    Thank you for your response.

    I ran Malwarebytes already, and had it rid me of detected items, of which there were quite a few. That, though, didn't kick out the ads.

    I then reset my Firefox (problem only was in Firefox, not IE) - and after that the problem stopped. But I'd like to run through those other

    programs as well, and have your advice!

    Will get back to you with logfiles asap.

     

    Thank you

    Jens



    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 December 2014 - 06:42 AM

    Morning Jens,

     

    Let me see what Malwarebytes removed as it may offer  clue to as to whats going on

     

    Just do this for the scan you ran that detected and removed all those entries

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread
     
     
    Run AdwCleaner and Junkware removal also


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 10 December 2014 - 10:48 AM

    OK  here are the logs:

     

    AdwCleaner

     

    # AdwCleaner v4.105 - Report created 10/12/2014 at 17:20:12
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-08.2 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Sheana - SHEANA-PC
    # Running from : C:\Users\Sheana\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\SecTaskMan
    Folder Deleted : C:\Users\Sheana\AppData\Local\Temp\Hold Page
    Folder Deleted : C:\Program Files\Uninstaller
    Folder Deleted : C:\Users\Sheana\AppData\LocalLow\IE-BHO
    Folder Deleted : C:\Users\Sheana\AppData\Roaming\Security Systems
    File Deleted : C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\vcg5dmud.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
    Key Deleted : HKCU\Software\Nico Mak Computing
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKLM\SOFTWARE\Nico Mak Computing
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foxy Secure
    Key Deleted : [x64] HKLM\SOFTWARE\Nico Mak Computing
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\blekko.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nationzoom.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1917 octets] - [10/12/2014 17:15:31]
    AdwCleaner[S0].txt - [1814 octets] - [10/12/2014 17:20:12]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1874 octets] ##########
     

    JRT

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Sheana on 10/12/2014 at 17:31:11,04
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\ad-aware browsing protection"
    Successfully deleted: [Folder] "C:\Users\Sheana\appdata\local\adawarebp"
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{0B8FFC21-0C8A-422C-BEB9-F06794B8BA07}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{1F5045B0-218F-4E09-83D7-57E031A83C86}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{2E7D9D3D-072F-4974-9C9E-989F41D188CA}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{3F8A46BD-5E3C-4579-8C0C-E643F0EA0E81}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{4324DF8B-F643-4B7E-AA9F-0BA49806B44B}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{8AC420A8-0AC9-4D8C-93C0-C932F6FA4947}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{AB18EC06-C88E-45B4-B3C9-F72AA5C3E8BF}
    Successfully deleted: [Empty Folder] C:\Users\Sheana\appdata\local\{F167BD92-7C25-4415-955A-C1EE29CD6E6D}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/12/2014 at 17:35:24,59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    I'll send the MalwareBytes separately, as it seems to mess up the whole formatting of the post..

     

    Jens



    #6 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 10 December 2014 - 11:08 AM

    MalwareBytes

     

     

     

    <?xml version="1.0" encoding="UTF-16"?>

    -<mbam-log>


    -<header>

    <date>2014/12/09 19:16:29 +0100</date>

    <logfile>mbam-log-2014-12-09 (19-16-26).xml</logfile>

    <isadmin>yes</isadmin>

    </header>


    -<engine>

    <version>2.00.4.1028</version>

    <malware-database>v2014.12.09.07</malware-database>

    <rootkit-database>v2014.12.08.03</rootkit-database>

    <license>trial</license>

    <file-protection>enabled</file-protection>

    <web-protection>enabled</web-protection>

    <self-protection>disabled</self-protection>

    </engine>


    -<system>

    <osversion>Windows 7 Service Pack 1</osversion>

    <arch>x64</arch>

    <username>Sheana</username>

    <filesys>NTFS</filesys>

    </system>


    -<summary>

    <type>threat</type>

    <result>completed</result>

    <objects>388005</objects>

    <time>1683</time>

    <processes>0</processes>

    <modules>0</modules>

    <keys>4</keys>

    <values>1</values>

    <datas>1</datas>

    <folders>41</folders>

    <files>155</files>

    <sectors>0</sectors>

    </summary>


    -<options>

    <memory>enabled</memory>

    <startup>enabled</startup>

    <filesystem>enabled</filesystem>

    <archives>enabled</archives>

    <rootkits>disabled</rootkits>

    <deeprootkit>disabled</deeprootkit>

    <heuristics>enabled</heuristics>

    <pup>enabled</pup>

    <pum>enabled</pum>

    </options>


    -<items>


    -<key>

    <path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3</path>

    <vendor>PUP.Optional.PlusHD.A</vendor>

    <action>success</action>

    <hash>cefd9bc5106cf83e8a1c116d689b4bb5</hash>

    </key>


    -<key>

    <path>HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic</path>

    <vendor>PUP.Optional.Softonic.A</vendor>

    <action>success</action>

    <hash>547785db59234cea6df22e1c867d1be5</hash>

    </key>


    -<key>

    <path>HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path>

    <vendor>PUP.Optional.InstallCore.A</vendor>

    <action>success</action>

    <hash>78531848d1ab989e9f892764768db34d</hash>

    </key>


    -<key>

    <path>HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

    <vendor>PUP.Optional.InstallCore.A</vendor>

    <action>success</action>

    <hash>3c8f5d03d5a7082e4604326fa460a45c</hash>

    </key>


    -<value>

    <path>HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

    <valuename>tb</valuename>

    <vendor>PUP.Optional.InstallCore.A</vendor>

    <action>success</action>

    <valuedata>0Z1B1L2Z1S</valuedata>

    <hash>3c8f5d03d5a7082e4604326fa460a45c</hash>

    </value>


    -<data>

    <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>

    <valuename>DefaultScope</valuename>

    <vendor>PUP.Optional.Qone8</vendor>

    <action>replaced</action>

    <valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata>

    <baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata>

    <gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata>

    <hash>34974b15cfad25115dd690d771941be5</hash>

    </data>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\Plus-HD-1.3</path>

    <vendor>PUP.Optional.PlusHD.A</vendor>

    <action>success</action>

    <hash>b615f66aa4d812243a89e63846bda45c</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\AddedAppDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DefualtImages</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DetectedAppDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarUntrustedAppsApprovalDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UninstallDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAddedAppDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppApprovalDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppPendingDialog</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Logs</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\MyStuffApps</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </folder>


    -<folder>

    <path>C:\Program Files (x86)\uTorrentBar_ES</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>1bb0a1bf245884b234b97ec207fc46ba</hash>

    </folder>


    -<file>

    <path>C:\Program Files\Uninstaller\Uninstall.exe</path>

    <vendor>PUP.Optional.DomaIQ</vendor>

    <action>success</action>

    <hash>bc0fc39dceaeed495c723fe230d56e92</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\Downloads\SoftonicDownloader_para_vlc-media-player.exe</path>

    <vendor>PUP.Optional.Softonic</vendor>

    <action>success</action>

    <hash>f9d2e27ebdbf8ea83b73c2984bb5a759</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\Downloads\install_setup.exe</path>

    <vendor>PUP.Optional.ViddyHD.A</vendor>

    <action>success</action>

    <hash>ac1f1a4680fc85b156dd362f2ad72bd5</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ThirdPartyComponents.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552502181250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552614056250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552723118750_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827565870150000_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827655684775000_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161798257141250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634244832697856250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_images_634818276703517629_24PX_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634226715423943750_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552376087500_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161799307581250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161801077882500_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_e6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Appearance_634161804982048752_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826753881225000_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826758646068750_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634215803994037500_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634219291587531250_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_eula_png.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\RoundedCornersIE9.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\generalDialogStyle.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\RoundedCorners.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\version.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\AddedAppDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DefualtImages\icon.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DetectedAppDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog\right-click.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\SearchProtector.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\ok-button.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\separation-line.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\warning.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\bubble.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\information.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\SearchProtector.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\info.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\ok-on.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\ok.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\arrow.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\divider.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\facebook.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAddedAppDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppApprovalDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppPendingDialog\main.html</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\AccountTypes.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\aol.com.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\comcast.net.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\google.com.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\hotmail.com.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\yahoo.com.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=es.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=es.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=es.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=es.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData\data.bck.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData\data.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs\data.bck.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs\data.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin\data.bck.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin\data.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings\data.bck.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings\data.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation\data.bck.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation\data.txt</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cbc_ca_lineup_latest_xml.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss_history.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world_history.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___worldpress_org_feeds_topstories_xml.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_history.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_history.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_reuters_com_reuters_topNews.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>11bab4ac2458a88e7e6e96aaed16d32d</hash>

    </file>


    -<file>

    <path>C:\Program Files (x86)\uTorrentBar_ES\GottenAppsContextMenu.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>1bb0a1bf245884b234b97ec207fc46ba</hash>

    </file>


    -<file>

    <path>C:\Program Files (x86)\uTorrentBar_ES\OtherAppsContextMenu.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>1bb0a1bf245884b234b97ec207fc46ba</hash>

    </file>


    -<file>

    <path>C:\Program Files (x86)\uTorrentBar_ES\SharedAppsContextMenu.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>1bb0a1bf245884b234b97ec207fc46ba</hash>

    </file>


    -<file>

    <path>C:\Program Files (x86)\uTorrentBar_ES\ToolbarContextMenu.xml</path>

    <vendor>PUP.Optional.uTorrentBar.A</vendor>

    <action>success</action>

    <hash>1bb0a1bf245884b234b97ec207fc46ba</hash>

    </file>

    </items>

    </mbam-log>

     

     

    Sorry bout the  formatting!



    #7 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 December 2014 - 11:16 AM

    Yep, its hard to read Malwarebytes, when you follow my instructions for finding the log, after you copy to clipboard open up Notepad and paste there then you can attach it to your next post



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #8 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 11 December 2014 - 07:40 AM

    Hi

     

    Sorry about the delay - I thought, I posted something yesterday, but it seems to not have happened. My problem with the Malwarebytes logfile

    was, that I couldn't find that particular log (the first scan, I did) in History. Thus I had to find it in Programdata, where it's xml. I will look for a program to convert it into a .txt file, and post it.

     

    Jens



    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 December 2014 - 07:48 AM

    Thats fine, not to worry.

     

    Looks like a lot of entries where from uTorrent, just a heads up but P2P (File Sharing) is very dangerous, your downloading that file from an unknown location and not all but the greater percentage of them contain malware of some sorts, its like playing Russian Roulette Malwarewise.

     

    Go ahead and run a new scan with FRST, be sure to checkmark Additions and post both logs please



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #10 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 11 December 2014 - 09:21 AM

    Yes, I noticed all that uTorrent stuff. I never use uTorrent, so God knows where it came from..

     

     

    Here goes

     

    FRST.txt:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
    Ran by Sheana (administrator) on SHEANA-PC on 11-12-2014 16:15:12
    Running from C:\Users\Sheana\Desktop
    Loaded Profile: Sheana (Available profiles: Sheana & turist)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
    (Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\spotify.exe
    (Spotify Ltd) C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (Dropbox, Inc.) C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Sheana\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify] => C:\Users\Sheana\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-21] (Spotify Ltd)
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Spotify Web Helper] => C:\Users\Sheana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-21] (Spotify Ltd)
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
    Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Sheana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
    ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Sheana\AppData\LocalLow\IE-BHO\bho.dll No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sheana\AppData\Roaming\Mozilla\Firefox\Profiles\1echazo5.default-1418153409942
    FF Homepage: https://www.google.es/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-11] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-11 16:15 - 2014-12-11 16:15 - 00015410 _____ () C:\Users\Sheana\Desktop\FRST.txt
    2014-12-11 16:12 - 2014-12-11 16:13 - 02119680 _____ (Farbar) C:\Users\Sheana\Desktop\FRST64(1).exe
    2014-12-10 17:36 - 2014-12-10 17:36 - 00000000 ____D () C:\Users\Sheana\Desktop\JRT
    2014-12-10 17:15 - 2014-12-10 17:28 - 00000000 ____D () C:\Users\Sheana\Desktop\AdwClean
    2014-12-10 17:15 - 2014-12-10 17:20 - 00000000 ____D () C:\AdwCleaner
    2014-12-10 16:34 - 2014-12-10 16:34 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 10:53 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 10:53 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-10 10:37 - 2014-12-11 16:04 - 00000000 ____D () C:\Users\Sheana\Desktop\MalwareBytes
    2014-12-10 10:10 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-10 10:10 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-10 10:10 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-10 10:10 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-10 10:10 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-10 10:10 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-10 10:10 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-10 10:10 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-10 10:10 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-10 10:10 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-10 10:10 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 10:10 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-10 10:10 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 10:10 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-10 10:10 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 10:10 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-10 10:10 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-10 10:10 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 10:10 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-10 10:10 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 10:10 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-10 10:10 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-10 10:10 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 10:10 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-10 10:10 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-10 10:10 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 10:10 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 10:10 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 10:10 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-10 10:10 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-10 10:10 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 10:10 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 10:10 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-10 10:10 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-10 10:10 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 10:10 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-10 10:10 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 10:10 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 10:10 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-10 10:10 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 10:10 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-10 10:10 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-10 10:10 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 10:10 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-10 10:10 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-10 10:10 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 10:10 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 10:10 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 10:10 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-10 10:10 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-10 10:10 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 10:10 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 10:10 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 10:10 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 10:10 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 10:10 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 10:10 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-10 10:10 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 10:10 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 10:10 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-10 10:10 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 10:10 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 10:10 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-10 10:10 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 10:10 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 10:10 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-10 10:10 - 2014-10-30 03:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-12-10 10:10 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-12-10 10:09 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 10:06 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 10:06 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 10:06 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-10 10:06 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-10 10:06 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-10 10:06 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-10 10:06 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-10 10:06 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-10 10:06 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-10 10:06 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-10 10:06 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-10 10:06 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-10 10:06 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-10 10:06 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-09 19:15 - 2014-12-11 15:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-09 19:14 - 2014-12-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-09 19:14 - 2014-12-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-09 19:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-09 19:14 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-09 19:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-09 19:12 - 2014-12-09 19:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sheana\Downloads\mbam-setup-2.0.4.1028.exe
    2014-12-09 18:40 - 2014-12-09 18:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-09 17:00 - 2014-12-09 17:01 - 00000000 ____D () C:\Users\Sheana\Desktop\Farbar
    2014-12-09 16:55 - 2014-12-09 17:01 - 00112855 _____ () C:\Users\Sheana\Downloads\Addition.txt
    2014-12-09 16:54 - 2014-12-09 16:56 - 00037785 _____ () C:\Users\Sheana\Downloads\FRST.txt
    2014-12-09 16:53 - 2014-12-11 16:15 - 00000000 ____D () C:\FRST
    2014-12-09 16:52 - 2014-12-09 16:52 - 02119680 _____ (Farbar) C:\Users\Sheana\Downloads\FRST64.exe
    2014-12-03 14:26 - 2014-12-03 15:22 - 00000000 ____D () C:\Users\Sheana\Desktop\avast
    2014-12-03 14:01 - 2014-12-03 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sheana\Downloads\HijackThis(1).exe
    2014-11-30 21:04 - 2014-12-09 00:39 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\vlc
    2014-11-30 21:00 - 2014-11-30 21:00 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2014-11-30 21:00 - 2014-11-30 21:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2014-11-30 20:56 - 2014-11-30 20:59 - 24743106 _____ () C:\Users\Sheana\Desktop\vlc-2-1-5-win32.exe
    2014-11-30 20:49 - 2014-11-30 20:49 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\WebTest
    2014-11-30 19:10 - 2014-11-30 19:10 - 00000000 ____D () C:\Users\Sheana\Documents\ridaproperty-6a24c8
    2014-11-30 18:48 - 2014-11-30 19:07 - 162222762 _____ () C:\Users\Sheana\Documents\ridaproperty-6a24c8.zip
    2014-11-25 12:15 - 2014-12-09 20:45 - 00000000 ____D () C:\Users\Sheana\Desktop\Juan
    2014-11-21 12:50 - 2014-11-21 12:50 - 00000294 _____ () C:\Users\Sheana\Downloads\local council taxes.pdf.URL
    2014-11-21 12:31 - 2014-11-21 12:35 - 00000000 ____D () C:\Users\Sheana\Desktop\Scotts
    2014-11-18 20:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 20:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 20:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-18 20:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-15 10:50 - 2014-11-15 10:50 - 00000000 __SHD () C:\Users\Sheana\AppData\Local\EmieBrowserModeList
    2014-11-13 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-13 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-13 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-13 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-13 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-13 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-13 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-13 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-13 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-13 18:14 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-13 18:14 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-13 18:14 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-13 18:14 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-13 18:14 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-13 18:14 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-13 18:14 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-13 18:14 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-13 18:14 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-13 18:14 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-13 18:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-13 18:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-13 18:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-13 18:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-13 18:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-13 18:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-13 18:13 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-13 18:13 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-13 18:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-13 18:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-13 18:13 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-13 18:13 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-13 18:13 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-11 15:59 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-11 15:59 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-11 15:57 - 2014-04-23 10:51 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Spotify
    2014-12-11 15:56 - 2012-11-14 23:49 - 00000380 _____ () C:\Users\Sheana\AppData\Roaming\sp_data.sys
    2014-12-11 15:55 - 2012-04-15 11:18 - 01911250 _____ () C:\Windows\WindowsUpdate.log
    2014-12-11 15:53 - 2013-08-19 12:45 - 00000000 ___RD () C:\Users\Sheana\Dropbox
    2014-12-11 15:53 - 2013-05-31 09:18 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Dropbox
    2014-12-11 15:52 - 2013-10-28 16:36 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2014-12-11 15:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-11 15:51 - 2009-07-14 05:51 - 00173669 _____ () C:\Windows\setupact.log
    2014-12-11 14:31 - 2013-01-10 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-11 14:30 - 2012-12-25 23:41 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Skype
    2014-12-11 02:00 - 2014-10-18 12:35 - 00000000 ____D () C:\Users\Sheana\AppData\Local\Adobe
    2014-12-11 02:00 - 2013-01-10 15:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-11 02:00 - 2013-01-10 15:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-11 02:00 - 2013-01-10 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-11 01:11 - 2013-08-19 12:45 - 00001025 _____ () C:\Users\Sheana\Desktop\Dropbox.lnk
    2014-12-11 01:11 - 2013-05-31 11:43 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-10 17:32 - 2013-01-09 02:31 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
    2014-12-10 17:21 - 2011-10-19 04:20 - 00353786 _____ () C:\Windows\PFRO.log
    2014-12-10 16:35 - 2014-05-06 10:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 16:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-10 11:01 - 2013-08-16 10:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 10:54 - 2012-12-03 17:20 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-09 19:14 - 2013-01-10 20:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-09 18:54 - 2013-12-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-09 18:53 - 2014-03-06 09:40 - 00000000 ____D () C:\Users\Sheana\AppData\Roaming\SoftGrid Client
    2014-12-06 19:01 - 2009-07-14 06:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-06 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-03 14:08 - 2013-01-09 00:46 - 00000000 ____D () C:\Users\Sheana\Downloads\backups
    2014-12-03 14:02 - 2014-11-06 12:35 - 00009077 _____ () C:\Users\Sheana\Downloads\hijackthis.log
    2014-12-03 13:55 - 2012-11-14 23:48 - 00000000 ___HD () C:\ASUS.DAT
    2014-12-01 20:54 - 2012-11-14 23:48 - 00064024 _____ () C:\Users\Sheana\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-28 22:33 - 2014-03-09 10:36 - 00015849 _____ () C:\Users\Sheana\Documents\Sheana work diary 2014.xlsx
    2014-11-28 11:58 - 2014-10-11 13:10 - 00000000 ____D () C:\Users\Sheana\Desktop\New folder
    2014-11-26 17:43 - 2014-03-29 12:26 - 00000000 ____D () C:\Users\Sheana\AppData\Local\Windows Live
    2014-11-25 23:08 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-11-25 23:03 - 2009-07-14 06:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-25 12:33 - 2014-04-07 19:31 - 00000000 ____D () C:\Users\Sheana\Desktop\Can Puig
    2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-11-19 18:50 - 2012-12-25 23:41 - 00000000 ____D () C:\ProgramData\Skype
    2014-11-18 08:20 - 2014-10-21 10:27 - 00000000 ____D () C:\Users\Sheana\Desktop\Art finca Arta
    2014-11-16 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-14 19:25 - 2009-07-14 05:45 - 00294224 _____ () C:\Windows\system32\FNTCACHE.DAT

    Some content of TEMP:
    ====================
    C:\Users\Sheana\AppData\Local\Temp\056CCBF4.dll
    C:\Users\Sheana\AppData\Local\Temp\07FD19F0.dll
    C:\Users\Sheana\AppData\Local\Temp\24AD5182.dll
    C:\Users\Sheana\AppData\Local\Temp\3229D439.dll
    C:\Users\Sheana\AppData\Local\Temp\379C7640.dll
    C:\Users\Sheana\AppData\Local\Temp\4557DA57.dll
    C:\Users\Sheana\AppData\Local\Temp\4BFA9C0D.dll
    C:\Users\Sheana\AppData\Local\Temp\4D028036.dll
    C:\Users\Sheana\AppData\Local\Temp\4D0B44E5.dll
    C:\Users\Sheana\AppData\Local\Temp\4D6283E7.dll
    C:\Users\Sheana\AppData\Local\Temp\4F34842A.dll
    C:\Users\Sheana\AppData\Local\Temp\4F91DED8.dll
    C:\Users\Sheana\AppData\Local\Temp\4F948508.dll
    C:\Users\Sheana\AppData\Local\Temp\4F9A34F8.dll
    C:\Users\Sheana\AppData\Local\Temp\4F9BFA70.dll
    C:\Users\Sheana\AppData\Local\Temp\4F9E5FE1.dll
    C:\Users\Sheana\AppData\Local\Temp\52A3FC0F.dll
    C:\Users\Sheana\AppData\Local\Temp\52AE4FAE.dll
    C:\Users\Sheana\AppData\Local\Temp\57D38056.dll
    C:\Users\Sheana\AppData\Local\Temp\5C43BB3E.dll
    C:\Users\Sheana\AppData\Local\Temp\6030D9FC.dll
    C:\Users\Sheana\AppData\Local\Temp\6115573C.dll
    C:\Users\Sheana\AppData\Local\Temp\64493233.dll
    C:\Users\Sheana\AppData\Local\Temp\644BC0EB.dll
    C:\Users\Sheana\AppData\Local\Temp\69E821D9.dll
    C:\Users\Sheana\AppData\Local\Temp\6ADC7DFB.dll
    C:\Users\Sheana\AppData\Local\Temp\713B9A88.dll
    C:\Users\Sheana\AppData\Local\Temp\714DF695.dll
    C:\Users\Sheana\AppData\Local\Temp\714F95A5.dll
    C:\Users\Sheana\AppData\Local\Temp\7F90DD4C.dll
    C:\Users\Sheana\AppData\Local\Temp\978C5214.dll
    C:\Users\Sheana\AppData\Local\Temp\9B8A28B8.dll
    C:\Users\Sheana\AppData\Local\Temp\B4C50F27.dll
    C:\Users\Sheana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwtppi.dll
    C:\Users\Sheana\AppData\Local\Temp\E43C8AE9.dll
    C:\Users\Sheana\AppData\Local\Temp\FF20E417.dll
    C:\Users\Sheana\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-spain.exe
    C:\Users\Sheana\AppData\Local\Temp\install_flashplayer12x32au_ltr5x64d_awc_aih.exe
    C:\Users\Sheana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Sheana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Sheana\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Sheana\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sheana\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Sheana\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Sheana\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-08 18:32

    ==================== End Of Log ============================

     

    Addition.txt:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 01
    Ran by Sheana at 2014-12-11 16:16:16
    Running from C:\Users\Sheana\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
    Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
    AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version:  - Oberon Media)
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DDP Player (HKLM-x32\...\DDP Player) (Version:  - Sonoris Audio Engineering)
    Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version:  - Oberon Media)
    Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
    Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version:  - Oberon Media)
    Dropbox (HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version:  - Oberon Media)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
    Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version:  - Oberon Media)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version:  - Oberon Media)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version:  - Oberon Media)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Spotify (HKU\S-1-5-21-449824696-1012907402-3947539949-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
    Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version:  - Oberon Media)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
    World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version:  - Oberon Media)
    Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    18-11-2014 19:39:12 Windows Update
    18-11-2014 20:15:58 Windows Update
    26-11-2014 09:30:25 Scheduled Checkpoint
    26-11-2014 14:13:18 Windows Update
    02-12-2014 08:03:54 Windows Update
    06-12-2014 17:57:25 Windows Update
    10-12-2014 09:52:06 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2013-03-09 20:01 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {11268383-50CA-4C61-869F-6549027A8BCA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
    Task: {69FEA17A-0D13-41B6-8D87-E0EE8F5D6271} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
    Task: {6EF43067-957C-4823-B94B-80F1EA46514B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {B7DF7C94-1A87-44ED-B35D-3D73222C5A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
    Task: {D60CC4C2-5AF4-4F19-AB97-CC4C8330A4DA} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    Task: {EA7DC2F4-824F-4FAC-9CBE-5B21ABC9A55A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23] (ASUSTek Computer Inc.)
    Task: {EDBBAF12-B588-4014-BE1E-E7677CCFD157} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
    2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
    2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
    2013-10-28 16:40 - 2013-07-17 18:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
    2014-06-05 15:48 - 2014-07-08 09:22 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2014-06-05 15:48 - 2014-07-08 09:22 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2014-06-05 15:48 - 2014-07-08 09:22 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2014-06-05 15:48 - 2014-07-08 09:22 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2014-10-15 13:03 - 2014-10-15 13:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
    2012-03-05 02:24 - 2011-05-05 13:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
    2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
    2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
    2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2014-04-23 10:54 - 2014-05-21 18:20 - 36966968 _____ () C:\Users\Sheana\AppData\Roaming\Spotify\Data\libcef.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Sheana\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2014-12-11 15:53 - 2014-12-11 15:53 - 00043008 _____ () c:\users\sheana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwtppi.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Sheana\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Sheana\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Sheana\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2010-08-20 17:57 - 2010-08-20 17:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2010-08-20 17:57 - 2010-08-20 17:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2014-12-09 18:40 - 2014-12-09 18:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-449824696-1012907402-3947539949-500 - Administrator - Disabled)
    Guest (S-1-5-21-449824696-1012907402-3947539949-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-449824696-1012907402-3947539949-1002 - Limited - Enabled)
    Sheana (S-1-5-21-449824696-1012907402-3947539949-1000 - Administrator - Enabled) => C:\Users\Sheana
    turist (S-1-5-21-449824696-1012907402-3947539949-1003 - Limited - Enabled) => C:\Users\turist

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
     DETAIL - The configuration registry database is corrupt.

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

     DETAIL - The configuration registry database is corrupt.
     for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
     DETAIL - The configuration registry database is corrupt.

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

     DETAIL - The configuration registry database is corrupt.
     for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 03:52:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
     DETAIL - The configuration registry database is corrupt.

    Error: (12/11/2014 03:52:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

     DETAIL - The configuration registry database is corrupt.
     for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 03:52:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
     DETAIL - The configuration registry database is corrupt.

    Error: (12/11/2014 03:52:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

     DETAIL - The configuration registry database is corrupt.
     for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 02:46:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
     DETAIL - The configuration registry database is corrupt.

    Error: (12/11/2014 02:46:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

     DETAIL - The configuration registry database is corrupt.
     for C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat


    System errors:
    =============
    Error: (12/10/2014 06:54:56 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (12/11/2014 04:14:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 03:52:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (12/11/2014 03:52:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 03:52:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (12/11/2014 03:52:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (12/11/2014 02:46:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (12/11/2014 02:46:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Sheana\AppData\Local\Microsoft\Windows\\UsrClass.dat


    CodeIntegrity Errors:
    ===================================
      Date: 2013-09-09 15:58:56.396
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atmfd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-09-09 15:58:56.384
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atmfd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-09-08 02:22:43.805
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-03-09 20:01:13.150
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-03-09 20:01:13.103
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Pentium® CPU B950 @ 2.10GHz
    Percentage of memory in use: 55%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 1766.5 MB
    Total Pagefile: 7998.43 MB
    Available Pagefile: 5389.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:127.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:351.91 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E3102A4B)
    Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
    Partition 2: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


      Advertisements

    Register to Remove


    #11 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 11 December 2014 - 09:23 AM

    PS.  I have converted the MalwareBytes log into txt, if you want, I post it.



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 December 2014 - 09:57 AM

    Yes, go ahead and post it, I am looking over your FRST log now



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 December 2014 - 10:16 AM

    Run this quick fix, be sure to save the Fixlist attachment to the same directory that you have FRST, then open FRST and click on FIX

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #14 jensaxel

    jensaxel

      Authentic Member

    • Authentic Member
    • PipPip
    • 160 posts

    Posted 14 December 2014 - 01:22 PM

    Okay here's the first MalwareBytes log:

     

     

    path,vendor,action,hash,
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3,PUP.Optional.PlusHD.A,success,cefd9bc5106cf83e8a1c116d689b4bb5,
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic,PUP.Optional.Softonic.A,success,547785db59234cea6df22e1c867d1be5,
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S,PUP.Optional.InstallCore.A,success,78531848d1ab989e9f892764768db34d,
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE,PUP.Optional.InstallCore.A,success,3c8f5d03d5a7082e4604326fa460a45c,
    path,vendor,action,hash,
    C:\Users\Sheana\AppData\LocalLow\Plus-HD-1.3,PUP.Optional.PlusHD.A,success,b615f66aa4d812243a89e63846bda45c,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\AddedAppDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DefualtImages,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DetectedAppDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarUntrustedAppsApprovalDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UninstallDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAddedAppDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppApprovalDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppPendingDialog,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Logs,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\MyStuffApps,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B},PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Program Files (x86)\uTorrentBar_ES,PUP.Optional.uTorrentBar.A,success,1bb0a1bf245884b234b97ec207fc46ba,
    path,vendor,action,hash,
    C:\Program Files\Uninstaller\Uninstall.exe,PUP.Optional.DomaIQ,success,bc0fc39dceaeed495c723fe230d56e92,
    C:\Users\Sheana\Downloads\SoftonicDownloader_para_vlc-media-player.exe,PUP.Optional.Softonic,success,f9d2e27ebdbf8ea83b73c2984bb5a759,
    C:\Users\Sheana\Downloads\install_setup.exe,PUP.Optional.ViddyHD.A,success,ac1f1a4680fc85b156dd362f2ad72bd5,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ThirdPartyComponents.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552502181250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552614056250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552723118750_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827565870150000_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827655684775000_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161798257141250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634244832697856250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_images_634818276703517629_24PX_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634226715423943750_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552376087500_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161799307581250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161801077882500_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_e6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Appearance_634161804982048752_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826753881225000_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826758646068750_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634215803994037500_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_19_285_CT2851619_Images_634219291587531250_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_eula_png.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\RoundedCornersIE9.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\generalDialogStyle.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\RoundedCorners.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\version.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\AddedAppDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DefualtImages\icon.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\DetectedAppDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\EngineFirstTimeDialog\right-click.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\SearchProtector.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\ok-button.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\separation-line.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\NewSearchProtectorDialog\images\warning.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\bubble.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\information.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\SearchProtector.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\info.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\ok-on.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorDialog\Images\ok.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\arrow.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\divider.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\facebook.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAddedAppDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppApprovalDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Dialogs\UntrustedAppPendingDialog\main.html,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\AccountTypes.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\aol.com.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\comcast.net.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\google.com.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\hotmail.com.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\EmailNotifier\yahoo.com.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=es.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=es.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=es.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=es.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData\data.bck.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\AppsMetaData\data.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs\data.bck.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\DynamicDialogs\data.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin\data.bck.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarLogin\data.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings\data.bck.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_CT2851619\ToolbarSettings\data.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation\data.bck.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Repository\conduit_CT2851619_es\ToolbarTranslation\data.txt,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cbc_ca_lineup_latest_xml.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss_history.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world_history.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___rss_news_yahoo_com_rss_world_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___worldpress_org_feeds_topstories_xml.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_history.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_history.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_reuters_com_reuters_topNews.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Users\Sheana\AppData\LocalLow\uTorrentBar_ES\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml,PUP.Optional.uTorrentBar.A,success,11bab4ac2458a88e7e6e96aaed16d32d,
    C:\Program Files (x86)\uTorrentBar_ES\GottenAppsContextMenu.xml,PUP.Optional.uTorrentBar.A,success,1bb0a1bf245884b234b97ec207fc46ba,
    C:\Program Files (x86)\uTorrentBar_ES\OtherAppsContextMenu.xml,PUP.Optional.uTorrentBar.A,success,1bb0a1bf245884b234b97ec207fc46ba,
    C:\Program Files (x86)\uTorrentBar_ES\SharedAppsContextMenu.xml,PUP.Optional.uTorrentBar.A,success,1bb0a1bf245884b234b97ec207fc46ba,
    C:\Program Files (x86)\uTorrentBar_ES\ToolbarContextMenu.xml,PUP.Optional.uTorrentBar.A,success,1bb0a1bf245884b234

     

     

    And the log from the fixing (FRST):

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
    Ran by Sheana at 2014-12-14 12:17:27 Run:2
    Running from C:\Users\Sheana\Desktop\Farbar
    Loaded Profile: Sheana (Available profiles: Sheana & turist)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Sheana\AppData\LocalLow\IE-BHO\bho.dll No File
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "HKU\S-1-5-21-449824696-1012907402-3947539949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}" => Key not found.
    "HKCR\Wow6432Node\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}" => Key not found.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 23.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #15 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 December 2014 - 01:40 PM

    Did you have Malwarebytes delete all those entries , it usually shows on the log as Quarantined, if not run it again and make sure Malwarebytes removes it all

     

    Then go ahead and run a new scan with FRST, be sure to checkmark Additions and post both logs 



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users