My son is getting into gaming and downloading software for games, recording and broadcasting YouTube vids. Startup takes 5 minutes plus. It's got our computer running at a snail's pace, and the IE or Google Chrome browser gets redirected to www-searching.com. I can't get rid of it. Executing other programs is almost nonexistent. Typing lags by 2-3 seconds.
I've updated Malwarebytes and found some PUPs and some malware. I updated Avast (free) and ran it and found other viruses. I'm positive his software download technique (hit next, next, next ....) is NOT custom and I'm getting a lot of unwanted "add-ons" I don't want, and it's making a mess of the computer. I really want to get the computer "clean", minimize startup time, and get our needed programs to run much faster, as they used to. He's going to get his own gaming computer and I need to instruct him on keeping his computer from getting like what we have now.
I'll be running HijackThis and posting results. Edit: I will not run HijackThis first. I will post results from aswMBR and FRST.
Thanks, Fred
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-17 13:23:53
-----------------------------
13:23:53.127 OS Version: Windows x64 6.1.7601 Service Pack 1
13:23:53.127 Number of processors: 2 586 0x170A
13:23:53.127 ComputerName: BLY4-PC UserName: Bly4
13:23:56.840 Initialize success
13:23:56.855 VM: initialized successfully
13:23:56.855 VM: Intel CPU virtualization not supported
13:24:00.443 AVAST engine defs: 15011701
13:24:31.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:24:31.269 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
13:24:31.659 Disk 0 MBR read successfully
13:24:31.659 Disk 0 MBR scan
13:24:31.674 Disk 0 unknown MBR code
13:24:31.721 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:24:31.737 Disk 0 default boot code
13:24:31.768 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461435 MB offset 409600
13:24:31.815 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15304 MB offset 945428480
13:24:32.002 Disk 0 scanning C:\Windows\system32\drivers
13:24:59.943 Service scanning
13:25:42.368 Modules scanning
13:25:42.384 Disk 0 trace - called modules:
13:25:42.399 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
13:25:42.415 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800580a060]
13:25:42.431 3 CLASSPNP.SYS[fffff880010f943f] -> nt!IofCallDriver -> [0xfffffa8005809930]
13:25:42.431 5 hpdskflt.sys[fffff88002319289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b2d050]
13:25:43.429 AVAST engine scan C:\Windows
13:26:02.367 AVAST engine scan C:\Windows\system32
13:31:10.667 AVAST engine scan C:\Windows\system32\drivers
13:31:31.247 AVAST engine scan C:\Users\Bly4
14:27:00.926 AVAST engine scan C:\ProgramData
14:46:07.118 Disk 0 statistics 6867491/0/0 @ 0.82 MB/s
14:46:07.165 Scan finished successfully
14:50:12.460 Disk 0 MBR has been saved successfully to "C:\Users\Bly4\Videos\Desktop\MBR.dat"
14:50:12.460 The log file has been saved successfully to "C:\Users\Bly4\Videos\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Bly4 (administrator) on BLY4-PC on 17-01-2015 15:01:16
Running from C:\Users\Bly4\Downloads
Loaded Profiles: Bly4 (Available profiles: Bly4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Bly4\Videos\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Run: [GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52684;https=127.0.0.1:52684
ProxyServer: [S-1-5-21-439321651-4069142202-3324294406-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> DefaultScope {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3368DA14-5819-46BD-98BB-417DB755C16F} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {4C974C8A-AF04-4433-8C77-7D142A55A210} URL = http://search.condui...8608CBA1D7=
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {755D8F6D-DFDB-4D50-A972-8CA741A6E30D} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {A39B26C5-462A-4C26-B376-6158F7EBD95E} URL = http://start.mysearc...r=1072125782=
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {BB7E4686-A426-46DF-BDCE-C933377F0475} URL = http://websearch.ask...10-6F9F60E1D17D
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs4.searc...669,0,IE10,7743
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
Toolbar: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn2.safelnk...SetupClient.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-439321651-4069142202-3324294406-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bly4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: RivalGaming - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-15]
FF Extension: LivingPlay TextLinks - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Firefox\Extensions: [{BD20A947-EF74-4633-A96A-84D2F26A4812}] - C:\Users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}
Chrome:
=======
CHR Profile: C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]
CHR Extension: (Gmail) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U3 aswMBR; \??\C:\Users\Bly4\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 15:01 - 2015-01-17 15:02 - 00030974 _____ () C:\Users\Bly4\Downloads\FRST.txt
2015-01-17 14:59 - 2015-01-17 15:01 - 00000000 ____D () C:\FRST
2015-01-17 14:58 - 2015-01-17 14:59 - 02125824 _____ (Farbar) C:\Users\Bly4\Downloads\FRST64.exe
2015-01-17 13:20 - 2015-01-17 13:21 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR (1).exe
2015-01-17 13:19 - 2015-01-17 13:19 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR.exe.bln7zz4.partial
2015-01-15 22:05 - 2015-01-16 12:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-15 22:05 - 2015-01-16 12:10 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-15 22:02 - 2015-01-15 22:03 - 05149528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 22:02 - 2015-01-15 22:02 - 00004126 _____ () C:\Windows\PFRO.log
2015-01-15 20:19 - 2015-01-15 20:19 - 00143792 _____ () C:\Users\Bly4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 19:28 - 2015-01-17 14:59 - 00001400 _____ () C:\Windows\setupact.log
2015-01-15 19:28 - 2015-01-15 19:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 14:37 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 14:37 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-30 12:34 - 2014-12-30 12:34 - 00000000 __SHD () C:\Users\Bly4\AppData\Local\EmieBrowserModeList
2014-12-30 11:08 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-30 11:08 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-30 11:08 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-30 11:08 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-30 11:08 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-30 11:08 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-30 11:08 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-30 11:08 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-30 11:08 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-30 11:08 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-30 11:08 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-30 11:08 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-30 11:08 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-30 11:08 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-30 11:08 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-30 11:08 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-30 11:08 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-30 11:08 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-30 11:08 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-30 11:08 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-30 11:08 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-30 11:08 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-30 11:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-30 11:07 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-30 11:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-30 11:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-30 11:07 - 2014-08-28 18:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-30 11:06 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-30 11:06 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-30 11:06 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-30 11:06 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-30 11:06 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-30 11:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-30 11:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-30 11:05 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-30 11:05 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-30 11:05 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-30 11:05 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-30 11:05 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-30 11:05 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-30 11:02 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-30 11:02 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-30 10:59 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-30 10:59 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-30 10:59 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-30 10:59 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-30 10:58 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-30 10:58 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-30 10:57 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-30 10:57 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-30 10:57 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-30 10:26 - 2014-12-30 10:26 - 00000000 __SHD () C:\found.004
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 15:02 - 2014-01-19 16:39 - 00000358 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000.job
2015-01-17 15:00 - 2010-06-03 20:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 14:59 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:59 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:19 - 2012-05-06 13:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 13:42 - 2009-08-25 00:30 - 01941767 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 13:14 - 2010-01-07 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-16 15:45 - 2012-07-10 20:20 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-16 12:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 12:10 - 2013-02-03 22:50 - 00000412 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-01-16 12:10 - 2012-07-11 17:55 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-01-16 12:10 - 2010-06-03 20:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 23:13 - 2014-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 22:20 - 2014-05-17 11:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 22:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 20:54 - 2014-09-22 15:59 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-01-15 20:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 19:19 - 2014-09-22 22:12 - 00000000 ____D () C:\Users\Bly4\AppData\Local\CrashDumps
2015-01-13 22:22 - 2013-07-15 12:13 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBly4
2015-01-13 22:22 - 2013-07-15 12:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBly4.job
2015-01-13 20:14 - 2012-05-06 13:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:12 - 2012-05-06 13:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:12 - 2011-06-07 10:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 19:00 - 2013-01-04 08:34 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 19:00 - 2010-04-20 17:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-08 09:55 - 2010-02-11 21:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 08:42 - 2014-06-24 20:45 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\TS3Client
2015-01-08 00:25 - 2009-07-13 21:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 13:44 - 2009-07-13 21:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 12:29 - 2009-12-24 09:40 - 00000000 ____D () C:\Users\Bly4\AppData\Local\Adobe
2014-12-30 12:15 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-30 12:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-30 11:47 - 2010-11-20 10:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:41 - 2013-12-13 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 23:31 - 2013-12-31 14:48 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\.minecraft
2014-12-22 18:41 - 2010-05-30 21:05 - 00000000 ____D () C:\Users\Bly4\Documents\Ghislaine
==================== Files in the root of some directories =======
2014-05-19 17:47 - 2014-10-20 16:59 - 0002475 _____ () C:\Users\Bly4\AppData\Roaming\SAS7_000.DAT
2009-12-21 16:25 - 2012-08-28 21:28 - 0006366 _____ () C:\Users\Bly4\AppData\Roaming\wklnhst.dat
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\AtStart.txt
2013-09-18 09:57 - 2013-09-18 09:59 - 0031186 _____ () C:\Users\Bly4\AppData\Local\c4u.log
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\DSwitch.txt
2010-01-07 20:56 - 2013-09-18 10:13 - 0553368 _____ () C:\Users\Bly4\AppData\Local\installer.log
2014-06-01 11:06 - 2014-06-01 11:06 - 0000000 ___SH () C:\Users\Bly4\AppData\Local\LumaEmu
2011-11-29 20:37 - 2011-11-29 21:23 - 0000600 _____ () C:\Users\Bly4\AppData\Local\PUTTY.RND
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\QSwitch.txt
2013-06-11 18:47 - 2014-03-27 19:42 - 0007616 _____ () C:\Users\Bly4\AppData\Local\Resmon.ResmonCfg
2010-07-10 20:57 - 2010-07-10 20:57 - 0000000 _____ () C:\Users\Bly4\AppData\Local\Rwocejopev.bin
2010-04-26 19:28 - 2010-04-26 19:28 - 2184414 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 006.0
2010-04-26 19:28 - 2010-04-26 19:28 - 1586997 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.0
2010-04-26 19:28 - 2010-04-26 19:28 - 0353853 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.JPG
2010-04-26 19:29 - 2010-04-26 19:29 - 1882736 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.0
2010-04-26 19:29 - 2010-04-26 19:29 - 0411955 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.JPG
2010-04-26 19:30 - 2010-04-26 19:30 - 0008256 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008_navi.JPG
2010-04-26 19:24 - 2010-04-26 19:24 - 2224809 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.0
2010-04-26 19:24 - 2010-04-26 19:24 - 1201983 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 2144837 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.0
2010-04-26 19:31 - 2010-04-26 19:31 - 0865109 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 0013728 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014_navi.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 2245533 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 0015205 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029_navi.JPG
2010-03-21 19:22 - 2010-03-21 19:22 - 2178259 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.0
2010-03-21 19:22 - 2010-03-21 19:22 - 0823601 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 2339732 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.0
2011-03-19 09:35 - 2011-03-19 09:35 - 1153278 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0011585 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG
2011-03-19 09:34 - 2011-03-19 09:34 - 2107746 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.0
2011-03-19 09:35 - 2011-03-19 09:34 - 0814227 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.1
2011-03-19 09:35 - 2011-03-19 09:35 - 0814263 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.2
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.3
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0010588 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG
2011-03-19 09:33 - 2011-03-19 09:37 - 2152508 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.0
2011-03-19 09:37 - 2011-03-19 09:37 - 0834317 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG
2011-03-19 09:37 - 2011-03-19 09:37 - 0013189 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG
2010-11-26 21:20 - 2010-11-26 21:20 - 0674933 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.0
2010-11-26 21:21 - 2010-11-26 21:20 - 0176681 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG
2010-11-26 21:21 - 2010-11-26 21:21 - 0691040 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.0
2010-11-26 21:21 - 2010-11-26 21:21 - 0186674 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG
2010-11-26 21:23 - 2010-11-26 21:23 - 0700418 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.0
2010-11-26 21:23 - 2010-11-26 21:23 - 0174107 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG
2010-07-10 20:57 - 2010-07-10 20:57 - 0000120 _____ () C:\Users\Bly4\AppData\Local\Vjagesikomejes.dat
2013-02-03 23:14 - 2013-02-10 16:58 - 0000105 _____ () C:\Users\Bly4\AppData\Local\ZDManager.ini
2009-12-13 15:52 - 2015-01-16 15:51 - 0000281 _____ () C:\ProgramData\HPWALog.txt
2010-10-09 21:48 - 2013-02-24 12:44 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-04-14 10:55 - 2014-04-14 18:46 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-04-25 13:41 - 2013-04-25 13:41 - 0010305 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_FCA4358D-CA55-4EC6-8FED-5921CD3CBB06.swidtag
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 00:34 - 2009-08-09 00:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 00:29 - 2009-08-09 00:30 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 00:28 - 2009-08-09 00:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 00:30 - 2009-08-09 00:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Files to move or delete:
====================
C:\Users\cd1\setup.exe
C:\Users\crack\keygen.bat
C:\Users\crack\lic.dat
C:\Users\crack\ptcrypt.exe
Some content of TEMP:
====================
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 12:30
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Bly4 at 2015-01-17 15:03:21
Running from C:\Users\Bly4\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Any Video Converter 3.0.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeWeb (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\AWSoftware) (Version: 1.0 - )
ATI Catalyst Install Manager (HKLM\...\{83715090-142B-D305-36EC-7538A007D336}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
BitTorrent (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\BitTorrent) (Version: 7.9.2.33884 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Costco Photo Organizer (HKLM-x32\...\{788B97E8-D825-419A-8558-1C0B344C5371}) (Version: 1.5.0.102 - Costco Wholesale Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version: - SEIKO EPSON Corporation)
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Horizon v2.8.0.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.0.1 - Daring Development Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Juniper Networks Cache Cleaner 6.4.0 (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Networks_Cache_Cleaner 6.4.0) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Neoteris_Host_Checker) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Setup_Client) (Version: 2.0.2.5977 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
KODAK All-in-One Printer Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marble Blast Gold (remove only) (HKLM-x32\...\MarbleBlastGoldYahoo) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight Free Download Packages (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Microsoft Silverlight Free Download Packages) (Version: - ) <==== ATTENTION
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.10.2 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuizCreator Free (HKLM-x32\...\Wondershare QuizCreator Free (Build 4.5.0)_is1) (Version: - Wondershare Software)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RivalGaming (HKLM-x32\...\RivalGaming) (Version: - RivalGaming) <==== ATTENTION!
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Schoolhouse Test 3 (HKLM-x32\...\{5B7A023B-5391-4157-992B-B3E8805955D5}) (Version: 3.1.17.1 - Schoolhouse Technologies)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SFR (x32 Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SolidWorks 2006 SP0 (HKLM-x32\...\{984B44FD-953F-4176-BE74-421B00ED71C5}) (Version: 14.1.0011 - SolidWorks)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super Letter Linker (HKLM-x32\...\am-superletterlinker) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version: - Ubisoft Singapore)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-12-2014 11:10:17 Windows Update
05-01-2015 14:37:06 Windows Update
16-01-2015 12:26:50 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2011-07-29 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {029ED49E-66AD-4672-AC2D-961E983F724E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0384559A-8A74-4C1B-BA21-8F9D93267F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {03EFF395-79EA-4E75-92C3-D8226E691B0D} - \ASP No Task File <==== ATTENTION
Task: {11665884-73A2-40C4-A1A5-BB9CF0BE2D2A} - System32\Tasks\HPCeeScheduleForBly4 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {12BB4F89-AA2E-4BFF-A960-908593B23183} - System32\Tasks\{DD1A889D-7C86-4189-9EC6-19B9995E550E} => pcalua.exe -a C:\Users\Bly4\Desktop\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {1CC7F785-71E4-4582-95EC-3F568A5A38F2} - System32\Tasks\{846AF9D6-F471-42E8-B516-6149C1375CAA} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {1D0F43D1-39CA-432F-817C-CE88770F13DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {25DCCA2C-9A97-46F4-9628-123C1FF19CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {28F14300-2E89-44AD-BCDB-BEA83C749DFA} - \RocketTab No Task File <==== ATTENTION
Task: {2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {3CB434F1-FCDE-4D49-9DA7-478640581DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {41F6499F-9F35-434A-89CA-A5247CCA115F} - System32\Tasks\{16B295D5-E1FF-45C2-8E2F-2BF540475A09} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {4A5E6E71-2DEE-4DA4-B2BC-17BAE3AF0C64} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4C03242F-B6C7-46C6-A361-B2F61C26BE69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4F7B6A66-90F6-4F5D-A325-1E07A2448154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {517F3BD6-B521-4387-866C-1D65ACD4D5BB} - System32\Tasks\{3ECD99B3-5DD0-4C16-817B-C79782832B02} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {5A6E45FA-3B9D-46C6-BB77-25F4932C707C} - System32\Tasks\{9BB352E8-A829-4590-8BC9-E567310EEEF6} => pcalua.exe -a F:\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {5C32BF33-00ED-452C-8E35-7B66247F4C68} - System32\Tasks\{B6CFB258-569C-43E6-81C3-EBDF9F418F29} => pcalua.exe -a "C:\Program Files (x86)\SpeedBit Video Downloader\GRRemove.exe" -d "C:\Program Files (x86)\SpeedBit Video Downloader"
Task: {5E2E4295-6A11-4C9F-84CE-404FC136839B} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {5F8F556E-384F-45EE-ADF1-BD0230514B3C} - System32\Tasks\{872C817F-64B0-42C7-9FAF-597F5FAE1833} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {660C6DDA-6491-427D-99F8-4387F5CC2BC9} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {6CD138C1-FF04-4D64-A346-4FEE5E79945B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {6CE010F2-D4B8-4BE1-B064-036719EAA7D4} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {6F45771C-D689-4BB1-B47A-FD4C4B8FFC52} - \Dealply No Task File <==== ATTENTION
Task: {739A8A60-0E38-4965-BC8A-5DF2CC58534D} - System32\Tasks\{4C21EE64-5D9B-49F7-8AA4-19131D894002} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {7840D115-E995-4E18-BE64-99C272BFD4A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81423BA7-4F37-469D-B3D7-A2E4813350A4} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {81A4FFAE-A1CD-4227-B87A-E886EB6A9D8D} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {873D2E51-7E5F-4EBB-AE5D-ADC8E0B66621} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8A54A360-49F5-41B1-88B6-61E8BD5F873A} - System32\Tasks\{626267D1-3E9D-4C24-A7D0-C2503116774E} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {906ED6D2-1207-490C-B381-7B144A13C8D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {909F34E4-FCC1-4619-8482-DBE86ED8211D} - System32\Tasks\{D353CE84-B85B-4DB8-8C30-C4CE415A6E39} => pcalua.exe -a "C:\Users\Bly4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QRJP7RE\yahoo_marbleblastgold_tm1-1[1].exe" -d C:\Users\Bly4\Desktop
Task: {97F6852F-BB93-4610-8FFC-7676F21F8D88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9A51BF9D-2C76-40C1-85C5-E0A2E5EF4C65} - System32\Tasks\{75748995-CEC6-41E8-A4D1-1A2EBCB10104} => pcalua.exe -a E:\SOLIDWORKS_V2006\legend.exe -d E:\SOLIDWORKS_V2006
Task: {9CE90578-D6BE-4407-89C8-B18B21F9DBBA} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {9E93F8EE-0044-47A9-B0AC-A0DE035D162B} - System32\Tasks\{019D4A2C-5344-4A23-ABBA-DF7349A90D2B} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {C1F5F45E-349A-4341-85D8-C1EB74ED63F9} - System32\Tasks\{4459E44D-CA78-44C2-BD25-2ACC900298F3} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CBA25F96-DAED-4DB6-9B3D-D25750DACB84} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {CC5D91DD-DB75-46B9-8684-DFE6F4905BE9} - System32\Tasks\{C4AFC609-14C7-4E5C-9943-683BA535F933} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CF7DAB50-9D60-4E95-8182-E2BDF5876159} - System32\Tasks\{1F086DD4-B6ED-4C8D-BF40-3C2FCC68FD3F} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {D838B64B-3912-49BC-AD87-EE46A5498564} - System32\Tasks\{F2FA5244-0C71-4F70-9A62-E2AB2BB687F2} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {D893E5E8-52CD-49BE-949D-AADC37BC8369} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {E7A12C8E-EB96-4021-B639-FEE99C14B021} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {EAF335B7-8A7D-4AE9-BE18-B1741114842E} - System32\Tasks\{B3A5E6DF-D253-4ED6-A2E2-777150642FAD} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {EC782F52-0A69-407C-9333-070A17B74130} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {ED921852-EE49-4AD2-BD9D-2E91486C2545} - System32\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {F1CADD5C-5C43-48E4-938C-42ECA03917F2} - System32\Tasks\4528 => Wscript.exe C:\Users\Bly4\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F405895F-56CE-4E8B-B39E-C7820229194D} - System32\Tasks\{DF15CA10-27AD-487A-8CFC-695CAB0280D2} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {F64F65CC-BD86-4D3E-8CEB-EEC19C9D049C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F805F1AA-B444-423F-848C-6E7C8A69629F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F8DCA56E-48D0-47EB-96DE-905D4FD57B9F} - System32\Tasks\{BA0A9722-4EA2-4D8A-AD54-55C75BAB9FA6} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {F9550745-2E20-4F8B-8084-04407A64DEC6} - \MySearchDial No Task File <==== ATTENTION
Task: {FAB749D3-B88B-4BB6-BC98-4B00D4DEBCA8} - System32\Tasks\{0D069FBF-BA03-4108-9604-F3824B435170} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {FD792E21-E467-4F98-BAC9-ED78DDCD26CC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FFB70D58-C9DE-49BA-BA8A-C512632E4A64} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBly4.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
==================== Loaded Modules (whitelisted) =============
2014-04-12 23:40 - 2014-04-12 23:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-08-09 00:34 - 2009-01-21 10:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-23 01:10 - 2014-05-23 01:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2009-07-21 09:34 - 2009-07-21 09:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-01-15 19:07 - 2015-01-15 19:07 - 02910720 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011502\algo.dll
2015-01-17 13:14 - 2015-01-17 13:14 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011701\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-04 17:03 - 2011-04-04 17:03 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-11-21 19:07 - 2014-11-21 19:07 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-07-23 10:37 - 2009-07-23 10:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: gusvc => 3
MSCONFIG\startupfolder: C:^Users^Bly4^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1421377726
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LTCM Client => C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Users\Bly4\Desktop\steam\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\Bly4\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: uTorrent => "C:\Users\Bly4\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
========================= Accounts: ==========================
Administrator (S-1-5-21-439321651-4069142202-3324294406-500 - Administrator - Disabled)
Bly4 (S-1-5-21-439321651-4069142202-3324294406-1000 - Administrator - Enabled) => C:\Users\Bly4
Guest (S-1-5-21-439321651-4069142202-3324294406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-439321651-4069142202-3324294406-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2015 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Exception code: 0xc0000005
Fault offset: 0x0002b78a
Faulting process id: 0xc38
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3
Error: (01/16/2015 00:41:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (01/17/2015 01:14:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
Error: (01/17/2015 01:14:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdatem) service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2015 10:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053
Error: (01/15/2015 10:04:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78ac3801d03209f90ef876C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe3acb3708-9dfd-11e4-a17f-00269e8c030e
Error: (01/16/2015 00:41:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe
CodeIntegrity Errors:
===================================
Date: 2011-07-29 21:08:23.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-29 21:08:23.683
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 65%
Total physical RAM: 4063.19 MB
Available physical RAM: 1404 MB
Total Pagefile: 8124.55 MB
Available Pagefile: 5285.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.62 GB) (Free:165.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF892B78)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Edited by fredII, 17 January 2015 - 05:12 PM.