I have (I assume it is) a virus. It is: "c:\Windows\SysWOW64\_ETbqso8MBX1". My antivirus program repeatedly asks to protect me from it. I click yes... and it supposedly fixes the problem. But a little while later, it is back. I have simply gone to the file and deleted it... and a little while later, it is back. Can anyone tell me how I can get rid of this? I would appreciate it. Thank You.
Hi kookie56,

Run these programs to clean malware and post the Logs. This should fix it but if not we can dig it out..

--AdwCleaner--
Please download AdwCleaner by Xplode to your Desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan and then click Clean when finished scanning.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

--Junkware Removal Tool--
Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

--RogueKiller--
• Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller + please post the Logs...

2oG
# AdwCleaner v3.022 - Report created 24/05/2014 at 13:01:10
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cindy - MOVIE_MACHINE
# Running from : C:\Users\Cindy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[x] Not Deleted : C:\Users\Cindy\AppData\Local\iLivid
Folder Deleted : C:\Users\Cindy\AppData\LocalLow\AskToolbar
[x] Not Deleted : C:\Users\Cindy\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Cindy\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\toolbar@ask.com
File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\IminentToolbar
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[x] Not Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
[x] Not Deleted : [x64] HKCU\Software\ExpressFiles

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\prefs.js ]

[ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R2].txt - [5312 octets] - [24/05/2014 12:57:01]
AdwCleaner[S1].txt - [5127 octets] - [24/05/2014 13:01:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5187 octets] ##########

Only running AdWCleaner got rid of the file. Thank you for your help. Also, I had a file that I couldn't get rid of once before. I deleted it. But it is still in my "Add/Remove Programs". It cannot be removed by using the programs you listed or by simply clicking on it to remove. Can you tell me how to get rid of something listed in the "Add/Remove Programs" that has already been deleted? Thank you
When you delete a program instead of uninstalling it you will have a lot of leftovers that were installed with that program and an entry in add/remove that no longer points to anything. The entry can be removed using ccleaner but the remnants will remain. If you don’t have ccleaner, download it -> HERE. Install it and then open it. On the left side click on Tools -> then click the uninstall button -> locate the file you want and highlight it -> click the Delete Entry button on the right side… that should do it for the add/remove entry.

From the looks of the Log you posted, you will still have infection in your computer. If you decide to clean the rest of it, I can help you. Just run the next program and post the Logs. This program does not remove anything; it’s a Tool that’s used to remove malware manually… Have no fear, I have many years experience at this..

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, which will be the right version.

* Right click and run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
* Press Scan button.
* It will produce a log called FRST.txt in the same directory the tool is run from.
* Please copy and paste log back here.
* The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Let me know,
2oG
This is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Cindy (administrator) on MOVIE_MACHINE on 24-05-2014 21:05:19
Running from C:\Users\Cindy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\hbadmin.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\BoostSpeed.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-24] (Microsoft Corporation)
HKU\S-1-5-21-4259794245-1445099586-904811632-1001\...\Run: [] => [X]

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 216.138.0.4 216.138.27.254 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251
FF Homepage: hxxp://home.petsharmony.myway.com/home/index.jhtml?a=EF42F858-73DE-48A6-9476-1931F8BB0273&p=^BBV^hps102^YY^br&si=&n=780BF8D0&st=hp
FF NetworkProxy: "ftp", "198.148.112.46"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "gopher", "198.148.112.46"
FF NetworkProxy: "gopher_port", 7808
FF NetworkProxy: "http", "198.148.112.46"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @ei.PhotoFriendzy_82.com/Plugin - C:\Program Files (x86)\PhotoFriendzy_82EI\Installr\1.bin\NP82EISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Cindy\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr90.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npSlingPlayer.dll (Sling Media Inc.)
FF Extension: Free Hide IP - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\support@free-hideip.com.xpi [2014-04-27]
FF Extension: Real Hide IP - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\support@real-hide-ip.com.xpi [2014-04-27]
FF Extension: Best Video Downloader 2 - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2014-04-26]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{9caf5d89-eb75-43ab-9b57-9d4b5b6094ef}] - C:\Program Files (x86)\Re-markit\150.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-18]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

Chrome:
=======
CHR Extension: (__MSG_appName__) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-04-24]
CHR Extension: (saeffe saaVye) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihogigemoecplkedmapfmfelpadlicg [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-08-21] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
R2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-06-11] (Cloud Engines, Inc.)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-26] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
S2 LEC TranslateDotNet Server; "C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe" [X]
S2 TolbarUpdater; C:\Users\Cindy\AppData\Local\Temp\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [981096 2012-10-24] ()
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0027.sys [28768 2014-04-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
U3 Netlncdsnwd;
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-04-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2011-10-17] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-06-11] (Cloud Engines, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 21:05 - 2014-05-24 21:05 - 00020659 _____ () C:\Users\Cindy\Desktop\FRST.txt
2014-05-24 21:05 - 2014-05-24 21:05 - 00000000 ____D () C:\FRST
2014-05-24 21:02 - 2014-05-24 21:02 - 02066432 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe
2014-05-24 12:56 - 2014-05-24 13:01 - 00000000 ____D () C:\AdwCleaner
2014-05-21 18:05 - 2014-05-21 18:05 - 00000000 ____D () C:\Bones 9x24 The Recluse in the Recliner
2014-05-21 17:18 - 2014-05-21 17:18 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\13848
2014-05-21 00:21 - 2014-05-21 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2014-05-21 00:06 - 2014-05-21 00:06 - 00003699 _____ () C:\Users\Cindy\Desktop\My Documents - Shortcut.lnk
2014-05-20 19:05 - 2014-05-20 19:12 - 00000000 ____D () C:\Users\Cindy\Downloads\SlySoft AnyDVD & AnyDVD HD 7.3.8.0 Final ML+Activator
2014-05-20 18:59 - 2014-05-20 19:00 - 10952784 _____ () C:\Users\Cindy\Documents\SetupAnyDVD7470.exe
2014-05-20 18:56 - 2014-05-20 18:56 - 00003268 _____ () C:\Windows\System32\Tasks\{8AA80B57-CD38-40C7-A0EF-328EC9218C75}
2014-05-20 18:51 - 2014-05-24 12:46 - 00591051 _____ () C:\Windows\SysWOW64\_q5C84hNuFyw
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Cindy\AppData\Local\11360
2014-05-20 12:54 - 2014-05-20 13:16 - 1788807101 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.mkv
2014-05-19 20:38 - 2014-05-19 20:39 - 00273993 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.srt
2014-05-16 13:14 - 2014-05-16 13:14 - 02422638 _____ () C:\Users\Cindy\Downloads\RealHideIP-4.3.8.8.Setup.exe
2014-05-16 12:56 - 2014-05-16 12:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\26346
2014-05-13 21:21 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 21:21 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 21:21 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-13 21:21 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-13 21:21 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 21:21 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 21:05 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-13 21:05 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 21:05 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 21:05 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 21:05 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 21:05 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 21:05 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 21:05 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 21:05 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 21:05 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 21:05 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 21:05 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 21:05 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 21:05 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 21:05 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 21:05 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 21:05 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 21:05 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 21:05 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 21:05 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 21:03 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 21:03 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 21:03 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 21:03 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-12 23:25 - 2014-05-21 20:30 - 00000000 ____D () C:\Users\Cindy\Desktop\New folder
2014-05-12 15:10 - 2014-05-12 14:09 - 00109699 _____ () C:\Users\Public\Documents\Once Upon a
Time 3x22 There's No Place Like Home.srt 2014-05-09 15:12 - 2014-05-09 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-04 18:50 - 2014-05-04 18:50 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\19706 2014-05-04 18:46 - 2014-05-04 18:46 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\18814 2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP 2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\Program Files (x86)\RealHideIP 2014-04-27 23:24 - 2014-04-27 23:53 - 00000000 ____D () C:\Users\Cindy\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69} 2014-04-27 23:01 - 2014-04-27 23:01 - 00972392 _____ () C:\Users\Cindy\Downloads\Software Crack Installer.zip 2014-04-27 22:56 - 2014-04-28 15:16 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\RealHideIP 2014-04-27 22:56 - 2014-04-28 15:16 - 00000000 ____D () C:\ProgramData\RealHideIP 2014-04-27 22:48 - 2014-04-27 22:50 - 01510806 _____ () C:\Users\Cindy\Downloads\Super Hide IP 3.0.6.2.rar 2014-04-27 22:46 - 2014-04-27 22:47 - 04332714 _____ () C:\Users\Cindy\Downloads\Free_Hide_IP_3.9.6.6_Key_Downloader.exe 2014-04-27 22:39 - 2014-04-27 22:54 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP 2014-04-27 22:39 - 2014-04-27 22:39 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\FreeHideIP 2014-04-27 22:09 - 2014-04-27 22:09 - 00000032 _____ () C:\Windows\go 2014-04-27 21:03 - 2014-04-27 21:03 - 00529576 _____ (Incredible Accomplishments ) C:\Users\Cindy\Downloads\SetupReadyDriverPlus.exe 2014-04-27 20:59 - 2014-04-27 20:59 - 00000000 ____D () C:\Program Files\PeerGuardian2 2014-04-27 20:46 - 2014-04-27 20:46 - 00000000 ____D () C:\Users\Cindy\Downloads\PeerGuardian_TSV38DL05 2014-04-27 13:22 - 2014-04-27 13:24 - 05461832 _____ () C:\Users\Cindy\Downloads\tweaking.com_windows_repair_aio_setup.exe 2014-04-25 20:38 - 2014-04-25 20:38 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) 
C:\Windows\system32\Drivers\Neo_0027.sys 2014-04-25 20:37 - 2014-04-25 20:37 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\see.sys 2014-04-25 20:23 - 2014-04-26 15:09 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe 2014-04-25 12:50 - 2014-05-21 16:27 - 00003372 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser860E\ntuser.ini 2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser1162\ntuser.ini 2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser860E 2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser1162 2014-04-24 17:58 - 2014-02-25 21:31 - 00000000 ____D () C:\Users\fbwuser860E\AppData\Local\Microsoft Help 2014-04-24 17:58 - 2014-02-25 21:31 - 00000000 ____D () C:\Users\fbwuser1162\AppData\Local\Microsoft Help 2014-04-24 17:58 - 2011-01-08 18:06 - 00000000 ____D () C:\Users\fbwuser860E\AppData\Roaming\Macromedia 2014-04-24 17:58 - 2011-01-08 18:06 - 00000000 ____D () C:\Users\fbwuser1162\AppData\Roaming\Macromedia 2014-04-24 17:58 - 2011-01-08 17:53 - 00001974 _____ () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk 2014-04-24 17:58 - 2011-01-08 17:53 - 00001974 _____ () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk 2014-04-24 17:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-24 17:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-24 17:58 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-24 17:58 - 2009-07-13 
23:49 - 00000000 ___RD () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-24 17:45 - 2014-04-24 17:45 - 00013450 _____ () C:\Users\Cindy\Downloads\OpenVPN-Certificate-Bundle-Dec2013.zip 2014-04-24 17:34 - 2014-04-24 17:35 - 04639202 _____ () C:\Users\Cindy\Downloads\MUTE_fileSharing-0.5.1_Windows.exe 2014-04-24 15:25 - 2014-04-24 15:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-24 00:41 - 2014-04-24 00:41 - 00000000 ____D () C:\Users\Public\Documents\Old Firefox Data ==================== One Month Modified Files and Folders ======= 2014-05-24 21:05 - 2014-05-24 21:05 - 00020659 _____ () C:\Users\Cindy\Desktop\FRST.txt 2014-05-24 21:05 - 2014-05-24 21:05 - 00000000 ____D () C:\FRST 2014-05-24 21:02 - 2014-05-24 21:02 - 02066432 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe 2014-05-24 20:48 - 2013-06-23 16:03 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-24 20:28 - 2013-06-26 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-24 19:16 - 2011-01-08 17:38 - 01892863 _____ () C:\Windows\WindowsUpdate.log 2014-05-24 13:46 - 2014-03-28 09:02 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCindy 2014-05-24 13:46 - 2014-03-28 09:02 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCindy.job 2014-05-24 13:12 - 2009-07-13 23:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 13:12 - 2009-07-13 23:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 13:11 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-24 13:07 - 2013-08-08 14:41 - 00033070 _____ () C:\Windows\setupact.log 2014-05-24 13:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-24 13:01 - 2014-05-24 12:56 - 00000000 ____D () C:\AdwCleaner 
2014-05-24 12:46 - 2014-05-20 18:51 - 00591051 _____ () C:\Windows\SysWOW64\_q5C84hNuFyw 2014-05-23 13:12 - 2013-07-05 12:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-23 13:12 - 2013-06-28 20:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-05-23 13:10 - 2013-06-28 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HpUpdate 2014-05-21 20:31 - 2013-08-13 21:41 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\avidemux 2014-05-21 20:30 - 2014-05-12 23:25 - 00000000 ____D () C:\Users\Cindy\Desktop\New folder 2014-05-21 20:15 - 2013-11-20 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HandBrake 2014-05-21 18:44 - 2013-06-22 22:00 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-05-21 18:23 - 2013-09-12 17:20 - 00001060 _____ () C:\Users\Cindy\AppData\Roaming\DVDSubEdit.ini 2014-05-21 18:23 - 2013-06-23 18:04 - 00000000 ____D () C:\Program Files (x86)\Subrip 2014-05-21 18:20 - 2013-09-12 17:19 - 00018227 _____ () C:\Users\Cindy\AppData\Roaming\DVDSubEditLastFile0.txt 2014-05-21 18:05 - 2014-05-21 18:05 - 00000000 ____D () C:\Bones 9x24 The Recluse in the Recliner 2014-05-21 18:05 - 2013-07-27 14:24 - 00000000 ____D () C:\Users\Cindy\Documents\TMPGEnc DVD Author 2014-05-21 17:18 - 2014-05-21 17:18 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\13848 2014-05-21 16:30 - 2013-07-30 15:38 - 00000000 ____D () C:\Users\Cindy\Documents\TMPGEnc DVD 2014-05-21 16:27 - 2014-04-25 12:50 - 00003372 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 2014-05-21 16:27 - 2014-03-20 14:15 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 2014-05-21 00:21 - 2014-05-21 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft 2014-05-21 00:21 - 2014-03-04 19:33 - 00000000 ____D () C:\Program Files (x86)\SlySoft 2014-05-21 00:21 - 2013-07-22 21:17 
- 00000125 ___SH () C:\ProgramData\.zreglib 2014-05-21 00:21 - 2013-06-22 22:27 - 00000000 ____D () C:\Users\Cindy\Desktop\Mosted Used 2014-05-21 00:06 - 2014-05-21 00:06 - 00003699 _____ () C:\Users\Cindy\Desktop\My Documents - Shortcut.lnk 2014-05-20 19:49 - 2013-08-12 21:09 - 00338802 _____ () C:\Windows\PFRO.log 2014-05-20 19:12 - 2014-05-20 19:05 - 00000000 ____D () C:\Users\Cindy\Downloads\SlySoft AnyDVD & AnyDVD HD 7.3.8.0 Final ML+Activator 2014-05-20 19:00 - 2014-05-20 18:59 - 10952784 _____ () C:\Users\Cindy\Documents\SetupAnyDVD7470.exe 2014-05-20 18:56 - 2014-05-20 18:56 - 00003268 _____ () C:\Windows\System32\Tasks\{8AA80B57-CD38-40C7-A0EF-328EC9218C75} 2014-05-20 18:54 - 2013-06-23 00:05 - 00000000 ____D () C:\Users\Cindy\AppData\Local\CrashDumps 2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Cindy\AppData\Local\11360 2014-05-20 18:45 - 2013-10-24 15:35 - 00268288 ___SH () C:\Users\Cindy\Documents\Thumbs.db 2014-05-20 17:11 - 2013-06-22 23:41 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 2014-05-20 13:16 - 2014-05-20 12:54 - 1788807101 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.mkv 2014-05-20 12:40 - 2014-03-17 19:12 - 00003350 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 2014-05-20 12:40 - 2014-03-17 19:12 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 2014-05-20 03:31 - 2014-04-12 21:22 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate 2014-05-20 03:30 - 2013-06-27 23:21 - 00000000 ____D () C:\ProgramData\VSO 2014-05-20 03:25 - 2013-06-27 23:21 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\Vso 2014-05-19 23:07 - 2013-06-27 23:26 - 00000000 ____D () C:\Users\Cindy\Documents\ConvertXtoDVD 2014-05-19 20:39 - 2014-05-19 20:38 - 00273993 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.srt 2014-05-18 16:45 - 2013-06-22 14:04 - 00000000 ____D () 
C:\Desktop Nexus 2014-05-18 14:36 - 2011-01-08 17:59 - 00000000 ____D () C:\ProgramData\PDFC 2014-05-17 16:02 - 2013-06-22 22:07 - 00000575 _____ () C:\Users\Cindy\AppData\Roaming\AutoGK.ini 2014-05-16 15:30 - 2014-03-23 21:08 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\uTorrent 2014-05-16 14:53 - 2013-06-22 22:49 - 00000000 ____D () C:\AVIs 2014-05-16 14:46 - 2013-06-25 20:11 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\vlc 2014-05-16 14:45 - 2013-10-25 01:05 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\dvdcss 2014-05-16 13:43 - 2014-03-21 22:39 - 00000000 ____D () C:\Users\Cindy\Downloads\DVDFAB v9.1.3.6 + Activators [danhuk] 2014-05-16 13:14 - 2014-05-16 13:14 - 02422638 _____ () C:\Users\Cindy\Downloads\RealHideIP-4.3.8.8.Setup.exe 2014-05-16 13:05 - 2014-03-21 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2014-05-16 13:05 - 2013-06-22 23:42 - 00000000 ____D () C:\Users\Cindy\Documents\DVDFab9 2014-05-16 12:56 - 2014-05-16 12:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\26346 2014-05-16 11:53 - 2013-06-22 21:30 - 00194824 _____ () C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-15 11:25 - 2009-07-13 23:45 - 00618456 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-14 17:54 - 2013-11-27 19:29 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix 2014-05-14 16:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-05-14 13:30 - 2013-06-26 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 13:30 - 2013-06-26 14:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 13:30 - 2013-06-26 14:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 13:26 - 2014-04-16 19:03 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Photo Explosion 2014-05-14 13:24 - 2011-01-08 17:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 
2014-05-14 13:03 - 2013-06-22 21:31 - 00000000 ___RD () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 13:03 - 2013-06-22 21:31 - 00000000 ___RD () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-13 21:24 - 2014-04-23 13:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-13 21:22 - 2013-07-10 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-13 21:20 - 2013-07-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-13 21:18 - 2013-06-23 21:14 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 21:13 - 2013-08-21 13:41 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-13 21:08 - 2013-06-22 21:49 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\Adobe 2014-05-13 21:05 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-12 14:09 - 2014-05-12 15:10 - 00109699 _____ () C:\Users\Public\Documents\Once Upon a Time 3x22 There's No Place Like Home.srt 2014-05-10 12:59 - 2013-10-27 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-09 15:12 - 2014-05-09 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:18 - 2009-07-13 21:34 - 00000831 _____ () C:\Windows\win.ini 2014-05-09 01:14 - 2014-05-13 21:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 01:11 - 2014-05-13 21:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 23:40 - 2014-05-13 21:21 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 23:17 - 2014-05-13 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 22:25 - 2014-05-13 21:21 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 22:07 - 2014-05-13 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-05 22:00 - 2014-05-13 21:21 - 00084992 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-05 21:10 - 2014-05-13 21:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 18:50 - 2014-05-04 18:50 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\19706 2014-05-04 18:46 - 2014-05-04 18:46 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\18814 2014-05-02 01:38 - 2013-06-28 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HP Support Assistant 2014-04-28 15:16 - 2014-04-27 22:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\RealHideIP 2014-04-28 15:16 - 2014-04-27 22:56 - 00000000 ____D () C:\ProgramData\RealHideIP 2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP 2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\Program Files (x86)\RealHideIP 2014-04-27 23:53 - 2014-04-27 23:24 - 00000000 ____D () C:\Users\Cindy\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69} 2014-04-27 23:01 - 2014-04-27 23:01 - 00972392 _____ () C:\Users\Cindy\Downloads\Software Crack Installer.zip 2014-04-27 22:54 - 2014-04-27 22:39 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP 2014-04-27 22:50 - 2014-04-27 22:48 - 01510806 _____ () C:\Users\Cindy\Downloads\Super Hide IP 3.0.6.2.rar 2014-04-27 22:47 - 2014-04-27 22:46 - 04332714 _____ () C:\Users\Cindy\Downloads\Free_Hide_IP_3.9.6.6_Key_Downloader.exe 2014-04-27 22:39 - 2014-04-27 22:39 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\FreeHideIP 2014-04-27 22:09 - 2014-04-27 22:09 - 00000032 _____ () C:\Windows\go 2014-04-27 21:03 - 2014-04-27 21:03 - 00529576 _____ (Incredible Accomplishments ) C:\Users\Cindy\Downloads\SetupReadyDriverPlus.exe 2014-04-27 20:59 - 2014-04-27 20:59 - 00000000 ____D () C:\Program Files\PeerGuardian2 2014-04-27 20:46 - 2014-04-27 20:46 - 00000000 ____D () C:\Users\Cindy\Downloads\PeerGuardian_TSV38DL05 2014-04-27 16:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-27 15:34 - 
2013-08-12 20:35 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-27 15:32 - 2013-06-23 16:17 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-04-27 15:26 - 2013-06-22 22:42 - 00782470 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-27 13:24 - 2014-04-27 13:22 - 05461832 _____ () C:\Users\Cindy\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-04-26 15:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 15:09 - 2014-04-25 20:23 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2014-04-26 13:32 - 2013-06-26 14:21 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Adobe
2014-04-25 20:38 - 2014-04-25 20:38 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0027.sys
2014-04-25 20:37 - 2014-04-25 20:37 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\see.sys
2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser860E\ntuser.ini
2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser1162\ntuser.ini
2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser860E
2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser1162
2014-04-24 17:45 - 2014-04-24 17:45 - 00013450 _____ () C:\Users\Cindy\Downloads\OpenVPN-Certificate-Bundle-Dec2013.zip
2014-04-24 17:35 - 2014-04-24 17:34 - 04639202 _____ () C:\Users\Cindy\Downloads\MUTE_fileSharing-0.5.1_Windows.exe
2014-04-24 15:25 - 2014-04-24 15:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-24 15:25 - 2013-08-21 13:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-24 00:41 - 2014-04-24 00:41 - 00000000 ____D () C:\Users\Public\Documents\Old Firefox Data

Files to move or delete:
====================
C:\Windows\SysWOW64\WinMonitor.exe
C:\Windows\SysWOW64\libs.exe

Some content of TEMP:
====================
C:\Users\Cindy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-05-19 13:54

==================== End Of Log ============================

This is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014
Ran by Cindy at 2014-05-24 21:05:43
Running from C:\Users\Cindy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG Internet Security Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG Internet Security Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
2011 Hallmark Registration Bonus Pack (HKLM-x32\...\{E0570DE2-4B9D-47B6-A034-3B18829C0EAC}) (Version: 1.0.0.1 - Creative Home) 64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version: - ) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Any Video Converter Ultimate 4.5.7 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.0.0 - SlySoft) ArcSoft Funhouse (HKLM-x32\...\{21A7C708-D575-491C-94AE-86FFCF2BF19F}) (Version: - ) ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.0.1.119 - ArcSoft) ArcSoft TotalMedia Theatre 6 (x32 Version: 6.0.1.119 - ArcSoft) Hidden Ashampoo Music Studio 4 v.4.1.0 (HKLM-x32\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.0 - Ashampoo GmbH & Co. KG) ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.) 
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x) AVG (HKLM\...\AVG) (Version: 3469 - AVG Technologies) AVG 2013 (Version: 13.0.3469 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3629 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden AVG PC TuneUp 10.0.0.27 PreCracked (HKCU\...\AVG PC TuneUp 10.0.0.27 PreCracked) (Version: - ) Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - ) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden CCExtractor (HKLM-x32\...\{146FDB2F-63F9-4471-9CE9-B00527D92EBC}) (Version: 0.66.0 - CCExtractor) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC) Click'N Design 3D V4.82 (HKLM-x32\...\Click'N Design 3D 
V4.82) (Version: 4.0 - CD Stomper) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team) DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.22 - DivX, Inc. ) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVDFab 9.1.4.5 (14/05/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) 
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gimp 2.6.2 Debug (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hallmark Card Studio 2011 Deluxe (HKLM-x32\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.2.6 - Hallmark Software)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - )
K-Lite Mega Codec Pack 9.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (x32 Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Home Publishing 2000 (HKLM-x32\...\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}) (Version: 4.0.0000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Photo Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0706 - Microsoft Corporation)
Microsoft Photo Premium 10 (x32 Version: 10.0.0706 - Microsoft Corporation) Hidden
Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Picture It! Library 10 (x32 Version: 10.0.0706 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MKV to AVI Video Converter v1.1 (HKLM-x32\...\MKV to AVI Video Converter_is1) (Version: 1.1.0.0 - DVDAVITools)
MKVToolNix 6.9.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20031 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Info (x32 Version: 15.1.0023 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.8000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.20.8200 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
Nero SoundTrax Help (CHM) (x32 Version: 12.0.14000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.12000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero WaveEditor Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
palmOne (HKLM-x32\...\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}) (Version: 4.1.0420 - palmOne, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
PeerGuardian 2.0 (x32 Version: 2.0.6.4 - Methlabs Productions) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pogoplug PC (HKLM\...\PogoplugPC) (Version: 1.1.14 - Cloud Engines Inc.)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Presto! DVD Composer (HKLM-x32\...\{994DAD5D-F235-11D6-AC57-0050BA1D384D}) (Version: - )
Presto! Mr. Photo 3 (HKLM-x32\...\{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}) (Version: - )
Presto! PixExpress (HKLM-x32\...\{50B59CBA-C099-4A83-9EE7-3B1B28CD7897}) (Version: - )
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Real Hide IP (HKLM-x32\...\RealHideIP) (Version: 4.0.9.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Re-markit (HKLM-x32\...\e328a920-58cd-4e08-87a2-be7554d6842f) (Version: - Re-markit Software) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden
Roxio Central (x32 Version: 7.0.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator NXT Pro (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
Roxio Creator NXT Pro (x32 Version: 1.4.184 - Roxio) Hidden
Roxio Secure Burn (x32 Version: 2.0 - Roxio) Hidden
Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Start UP (HKLM-x32\...\{2C9241DC-E141-4BB9-99F2-0BC54D81862F}) (Version: - )
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Subtitle Edit 3.3.12 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.12.2367 - Nikse)
Subtitle Translation Wizard 4.1 (HKLM-x32\...\Subtitle Translation Wizard_is1) (Version: - upRedSun, Inc.)
Subtitle Workshop 6.0a (HKLM-x32\...\SubtitleWorkshop) (Version: - )
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
TMPGEnc DVD Author 1.6 (HKLM-x32\...\{52E9D791-5A64-474D-A575-20ADC2446B3B}) (Version: 1.6.34.89 - Pegasys Inc.)
TMPGEnc Sound Player (HKLM-x32\...\{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}) (Version: 1.0.2.9 - Pegasys Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.6.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)
VSO CopyToDVD 4 (HKLM-x32\...\{870F1750-BA89-11DA-A94D-0800200C9A66}_is1) (Version: 4.3.1.12c - VSO Software)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinX HD Video Converter Deluxe version WinX HD Video Converter Deluxe 5.0.4 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: WinX HD Video Converter Deluxe 5.0.4 - Digiarty Software, Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Video Converter Ultimate(Build 6.0.0.18) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.0.0.18 - Wondershare Software)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

25-05-2014 02:04:18 5-24 2014

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-04-27 15:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01079806-7CE1-4924-876B-AC9BF2259CD3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-24] ()
Task: {0D1EE808-0460-4160-832C-A49D6829B202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-13] (Microsoft)
Task: {0E61D5B0-477E-4DE8-BDF4-3E1BA7CCA8CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0F1EC480-F153-48D2-B6FD-09F3596E1BC3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1EB25CEC-77E4-4EA2-9A94-EA1EAF6E4A49} - \DSite No Task File <==== ATTENTION
Task: {2698839D-EDDE-4566-9194-4C55353A6CEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2BC22FE1-59CF-4DD0-88E0-8D2EDEC5F32E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {3F1D4775-9840-4BF1-B120-604EE1E4BBCE} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {44926EDA-C273-4963-8044-E49D4B05A7CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {4A0AD197-2E73-4ABD-919A-E645986D472C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4E491FFC-AEED-40FC-89D3-D77B9BCAC18F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {56D87F20-65D1-4405-ADB5-47F898F54681} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5DC872ED-EF5B-48B2-BFD8-086578C36506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {718A6B55-5496-4B56-A6B7-1A817592FBA8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {79B65A33-B53C-4FB9-AFC7-65A16DDA9AA9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {935EC0EA-F6A1-44C9-855A-20A8585035F9} - System32\Tasks\HPCeeScheduleForMOVIE_MACHINE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {9E24D72D-578E-4951-8EC5-5C1FC046F3C4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {A93E1FBC-4216-4307-8AF3-0152AA1AA256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B4219348-93A8-43F7-A722-374872B2152A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B5448C57-B025-4264-B920-1E2F8750832D} - \AmiUpdXp No Task File <==== ATTENTION
Task: {C6AA6B7F-E1F8-4E25-8BD7-2BA9C85D7CBD} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {DF18A553-BD5A-49E2-AF62-690798E04C03} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {E609EF7A-FEDF-4386-89B9-BD9A61A7E966} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Cindy Logon => C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\BoostSpeed.exe [2011-11-03] (AVG)
Task: {E8A82F63-E2D5-4F26-A754-AFDEBAB299F2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E8E29FB4-CA2B-43BF-B131-466DD5768244} - System32\Tasks\HPCeeScheduleForCindy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForCindy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForMOVIE_MACHINE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-20 16:48 - 2012-06-20 16:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe 2012-07-11 02:04 - 2012-07-11 02:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2014-04-18 21:05 - 2012-09-06 18:40 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll 2013-06-22 22:04 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2012-07-05 20:47 - 2012-07-05 20:47 - 00185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-07-05 20:47 - 2012-07-05 20:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe 2012-07-11 02:04 - 2012-07-11 02:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll 2012-07-11 02:04 - 2012-07-11 02:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll 2012-07-11 02:04 - 2012-07-11 02:04 - 
00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll 2012-01-20 17:31 - 2011-11-03 11:21 - 00350024 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madExcept_.bpl 2012-01-20 17:31 - 2011-11-03 11:21 - 00184136 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madBasic_.bpl 2012-01-20 17:31 - 2011-11-03 11:21 - 00050504 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madDisAsm_.bpl ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: vToolbarUpdater15.3.0 => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMenu.lnk => C:\Windows\pss\TrayMenu.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Cindy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk => C:\Windows\pss\palmOne 
Registration.lnk.Startup MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Cindy\AppData\Local\Smartbar\Application\SnapDo.exe startup MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Ekhtion => regsvr32.exe C:\Users\Cindy\AppData\Local\Ekhtion\CncctrlMon.dll MSCONFIG\startupreg: ExpressFiles => "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe MSCONFIG\startupreg: iLivid => "C:\Users\Cindy\AppData\Local\iLivid\iLivid.exe" -autorun MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: 
NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Cindy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: PogoplugPC => "C:\Program Files (x86)\PogoplugPC\ppserver.exe" --starthidden MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe" MSCONFIG\startupreg: Security Updates => "C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe" MSCONFIG\startupreg: Smart Start UP => C:\Program Files (x86)\NewSoft\Smart Start UP\PnPDetect.exe /Automation MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\Cindy\AppData\Local\Temp\\mdi564.dll,runme MSCONFIG\startupreg: tsnp2uvc => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe MSCONFIG\startupreg: TWC.Win7 => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe" MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: Xvid => C:\Program Files 
(x86)\XviD\CheckUpdate.exe MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2014 04:00:04 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (05/24/2014 01:29:55 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/24/2014 01:25:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/24/2014 01:21:48 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/24/2014 01:13:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. 
Error: (05/24/2014 01:07:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a Exception code: 0xe0434352 Fault offset: 0x000000000000940d Faulting process id: 0x6f4 Faulting application start time: 0xAutoKMS.exe0 Faulting application path: AutoKMS.exe1 Faulting module path: AutoKMS.exe2 Report Id: AutoKMS.exe3 Error: (05/24/2014 01:07:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoKMS.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Exception Stack: at ..(System.String, System.String, ., System.String) at ...ctor() at ..(.) at ..() Error: (05/24/2014 01:01:06 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/24/2014 00:52:59 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. 
Error: (05/24/2014 00:46:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a Exception code: 0xe0434352 Fault offset: 0x000000000000940d Faulting process id: 0x6dc Faulting application start time: 0xAutoKMS.exe0 Faulting application path: AutoKMS.exe1 Faulting module path: AutoKMS.exe2 Report Id: AutoKMS.exe3 System errors: ============= Error: (05/24/2014 04:14:41 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/24/2014 01:07:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 
Error: (05/24/2014 01:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Toolbar Updater service failed to start due to the following error: %%2 Error: (05/24/2014 01:07:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Roxio Hard Drive Watcher 14 service terminated with the following error: %%-2147467243 Error: (05/24/2014 01:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The LEC TranslateDotNet Server service failed to start due to the following error: %%2 Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (05/24/2014 04:00:04 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2014 01:29:55 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 01:25:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 01:21:48 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 01:13:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 01:07:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d6f401cf777b01cf43acC:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll47c331f1-e36e-11e3-8314-00ac7e8d77a9 Error: (05/24/2014 01:07:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoKMS.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Exception Stack: at ..(System.String, System.String, ., System.String) at ...ctor() at ..(.) at ..() Error: (05/24/2014 01:01:06 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 00:52:59 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2014 00:46:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d6dc01cf7778166976b0C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll66578979-e36b-11e3-918a-00ac7e8d77a9 CodeIntegrity Errors: =================================== Date: 2014-04-27 21:28:43.913 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:28:43.788 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-04-27 21:28:31.527 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:28:31.386 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:27:40.234 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:27:40.093 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:22:28.933 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-04-27 21:22:28.808 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:18:49.260 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 21:18:49.120 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 5887.28 MB
Available physical RAM: 4051.95 MB
Total Pagefile: 11772.73 MB
Available Pagefile: 9867.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:671.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 02CAAD5A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Hi kookie56, Well, your computer isn't in as bad shape as I had expected. Right off I only see one bad malware and some PUPs. That's a big Log and it will take me some time to go all over it, so please have patience and I'll get it as soon as possible. Were you able to rid that add/remove listing? If not, tell me what it is and I'll take care of it along with the other things. Also, do you have any other problems? Let me know before I start and we'll try to take care of them as well.
It was a virus called snapdo. I used all the things you said to use and got rid of it, but it is still listed in the Add/Remove Programs. Thank you
Yes, I found it and have it up for removal. I found some other malware deep in the Log and should complete the fix later this afternoon so will get back to you then. Are you having any kind of problems with the computer that I can check for??? 2oG
Hi kookie, Here is the Fix I prepared for your computer. Just follow the instructions. If you have any questions before going ahead, please ask.
Please open Notepad.
Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it.
Copy and paste the following in the code box into Notepad:
Code:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4259794245-1445099586-904811632-1001\...\Run: [] => [X]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-26] ()
S2 TolbarUpdater; C:\Users\Cindy\AppData\Local\Temp\ToolbarUpdater.exe [X]
C:\Windows\SysWOW64\WinMonitor.exe
C:\Windows\SysWOW64\libs.exe
C:\Windows\SysWOW64\srvany.exe
C:\Users\Cindy\AppData\Local\Temp\Quarantine.exe
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
Re-markit (HKLM-x32\...\e328a920-58cd-4e08-87a2-be7554d6842f) (Version: - Re-markit Software) <==== ATTENTION
C:\Program Files (x86)\Re-markit
Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
Task: {1EB25CEC-77E4-4EA2-9A94-EA1EAF6E4A49} - \DSite No Task File <==== ATTENTION
Task: {3F1D4775-9840-4BF1-B120-604EE1E4BBCE} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {4E491FFC-AEED-40FC-89D3-D77B9BCAC18F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {B5448C57-B025-4264-B920-1E2F8750832D} - \AmiUpdXp No Task File <==== ATTENTION
Task: {C6AA6B7F-E1F8-4E25-8BD7-2BA9C85D7CBD} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {DF18A553-BD5A-49E2-AF62-690798E04C03} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Cindy\AppData\Local\Smartbar\Application\SnapDo.exe startup
MSCONFIG\startupreg: Ekhtion => regsvr32.exe C:\Users\Cindy\AppData\Local\Ekhtion\CncctrlMon.dll
C:\Users\Cindy\AppData\Local\Ekhtion
MSCONFIG\startupreg: iLivid => "C:\Users\Cindy\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Users\Cindy\AppData\Local\iLivid
MSCONFIG\startupreg: Security Updates => "C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe"
C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe"
C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe

Click on File > Save As....
In the File Name box, copy and paste in fixlist.txt
Click Save and save it to the same folder containing FRST (desktop?).
Double click on FRST.exe, click the Fix button, then OK.
Now reboot, check it out and let me know how things are.
2oG
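The kind of triage that goes into building a fixlist like the one above, as an added example (not part of the original post, and not FRST's own logic): it reads a few constructed lines in the FRST Addition.txt layout, modelled on entries in this thread, and marks scheduled-task and startup entries for manual review. The reason labels and the path heuristics are assumptions chosen for illustration; a hit means "look at this entry", not "this is malware".

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the FRST Addition.txt layout (entries modelled on this thread).
SAMPLE_LOG = r"""
Task: {1EB25CEC-77E4-4EA2-9A94-EA1EAF6E4A49} - \DSite No Task File <==== ATTENTION
Task: {5DC872ED-EF5B-48B2-BFD8-086578C36506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {DF18A553-BD5A-49E2-AF62-690798E04C03} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Ekhtion => regsvr32.exe C:\Users\Cindy\AppData\Local\Ekhtion\CncctrlMon.dll
MSCONFIG\startupreg: Security Updates => "C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe"
MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\Cindy\AppData\Local\Temp\\mdi564.dll,runme
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
"""


class Finding(NamedTuple):
    section: str    # "task" or "startup"
    name: str       # task GUID or startup value name
    reasons: tuple  # labels explaining why the entry deserves a look


ATTENTION = "<==== ATTENTION"  # marker the scanner itself appends to a line
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+)$")
STARTUP_RE = re.compile(r"^MSCONFIG\\startupreg: (.+?) => (.+)$")
# Assumption: autoruns that live under a profile's AppData or any Temp folder
# sit in user-writable locations and are worth checking by hand.
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
# rundll32/regsvr32 used as the launcher for a DLL named on the command line.
SYSTEM_LOADER = re.compile(r"(^|\\)(rundll32|regsvr32)\.exe\b", re.IGNORECASE)


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    reasons = []
    flagged = line.endswith(ATTENTION)
    body = line[: -len(ATTENTION)].rstrip() if flagged else line
    if flagged:
        reasons.append("tool-flagged")

    task = TASK_RE.match(body)
    if task:
        section, name, detail = "task", task.group(1), task.group(2)
        if "No Task File" in detail:
            # Registry entry for a task whose definition file is gone.
            reasons.append("orphaned-task")
        command = detail.split(" => ", 1)[1] if " => " in detail else ""
    else:
        startup = STARTUP_RE.match(body)
        if not startup:
            return None  # other sections are outside this example's scope
        section, name, command = "startup", startup.group(1), startup.group(2)

    if USER_WRITABLE.search(command):
        reasons.append("user-writable-path")
        if SYSTEM_LOADER.search(command):
            reasons.append("dll-via-system-loader")
    return Finding(section, name, tuple(reasons)) if reasons else None


def triage(log_text: str) -> list:
    """Collect findings for every non-empty line, in log order."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            finding = check_line(line)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:8} {f.name:40} {', '.join(f.reasons)}")
```
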
I already deleted the log texts. I am not having any trouble with my computer, as far as it running okay. The only thing is the snapdo in my Add/Remove Programs folder that I can't get rid of. I don't know what other problems I have, but I don't notice it when I am on the computer. Thank you
My Bad, it was left out of my fix and I overlooked it. Getting old, I guess. LOL Do this little fix and it will remove the Snapdo entry...
Please open Notepad.
Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it.
Copy and paste the following in the code box into Notepad:
Code:
Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION

Click on File > Save As....
In the File Name box, copy and paste in fixlist.txt
Click Save and save it to the same folder containing FRST (desktop?).
Double click on FRST.exe, click the Fix button, then OK.
Check it out and let me know..
2oG
This is what I got after clicking on fix:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Cindy at 2014-05-27 13:46:47 Run:1
Running from C:\Users\Cindy\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
*****************
==== End of Fixlog ====

The thing is.....snapdo is still listed in the Add/Remove Programs. Was this supposed to remove it? If so......What now? Thank you
Oh kookie, what a problem.. just kidding. Yes, this was supposed to remove it, and if you used ccleaner that too was supposed to remove it. If I had your computer in front of me, I could remove it by searching the registry, but that would be a process where you would need advanced knowledge. It is a dead entry in the registry that hurts nothing except your desire to get rid of it. lol Try to think about it like this: When you were young you carved your boyfriend's phone number in the top of the table where the phone was, and since then the boy has moved and the number is no longer in service. It's an eyesore but is not doing any harm. My advice is to just ignore it, or if you know someone that has the knowledge to remove it, ask them to do it for you. I would hate to try instructing you over a back and forth post on here and, as I said, it hurts nothing... 2oG