1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

c:\Windows\SysWOW64\_ETbqso8MBX1

Discussion in 'Windows - Virus and spyware problems' started by kookie56, May 23, 2014.

  1. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    I have ( I assume it is ) a virus. It is:
    "c:\Windows\SysWOW64\_ETbqso8MBX1"
    My anti virus program repeatedly asks to protect me from it. I click yes...and it supposedly fixes the problem. But a little while later, it is back.
    I have simply gone to the file and deleted it....and a little while later, it is back.
    Can anyone tell me how I can get rid of this?
    I would appreciate it.
    Thank You.
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi kookie56,
    Run these programs to clean malware and post the Logs.

    This should fix it but if not we can dig it out..


    --AdwCleaner--

    Please download AdwCleaner by Xplode to your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan and then click Clean when finished scanning.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).




    [​IMG] —Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.




    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until pre-scan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+


    please post the Logs...
    2oG
     
  3. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    # AdwCleaner v3.022 - Report created 24/05/2014 at 13:01:10
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Cindy - MOVIE_MACHINE
    # Running from : C:\Users\Cindy\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\Program Files (x86)\ExpressFiles
    Folder Deleted : C:\Program Files (x86)\IminentToolbar
    Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    [x] Not Deleted : C:\Users\Cindy\AppData\Local\iLivid
    Folder Deleted : C:\Users\Cindy\AppData\LocalLow\AskToolbar
    [x] Not Deleted : C:\Users\Cindy\AppData\Roaming\ExpressFiles
    Folder Deleted : C:\Users\Cindy\AppData\Roaming\IminentToolbar
    Folder Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\anttoolbar@ant.com
    Folder Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\toolbar@ask.com
    File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\user.js
    File Deleted : C:\Windows\Tasks\AmiUpdXp.job
    File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
    File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\Conduit
    [x] Not Deleted : HKCU\Software\ExpressFiles
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\IminentToolbar
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    [x] Not Deleted : HKLM\Software\ExpressFiles
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
    [x] Not Deleted : [x64] HKCU\Software\ExpressFiles

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\prefs.js ]


    [ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R2].txt - [5312 octets] - [24/05/2014 12:57:01]
    AdwCleaner[S1].txt - [5127 octets] - [24/05/2014 13:01:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5187 octets] ##########


    Only running AdWCleaner got rid of the file.
    Thank you for your help.

    Also, I had a file that I couldn't get rid of once before. I deleted it.
    But it is still in my "Add/Remove Programs". It cannot be removed by using the programs you listed or by simply clicking on it to remove. Can you tell me how to get rid of something listed in the "Add/Remove Programs" that has already been deleted?

    Thank you
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    When you delete a program instead of uninstalling it you will have a lot of leftovers that were installed with that program and an entry in add/remove that no longer points to anything.
    The entry can be removed using ccleaner but the remnants will remain.
    If you don’t have ccleaner, download it -> HERE.

    Install it and then open it. On the left side click on Tools -> then click the uninstall button -> locate the file you want and highlight it -> click the Delete Entry button on the right side… that should do it for the add/remove entry.

    From the looks of the Log you posted, you will still have infection in your computer.

    If you decide to clean the rest of it, I can help you. Just run the next program and post the Logs. This program does not remove anything; it’s a Tool that’s used to remove malware manually… Have no fear, I have many years experience at this..


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, which will be the right version.


    * Right click and run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    * Press Scan button.
    * It will produce a log called FRST.txt in the same directory the tool is run from.
    * Please copy and paste log back here.
    * The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Let me know,
    2oG
     
  5. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    This is the FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
    Ran by Cindy (administrator) on MOVIE_MACHINE on 24-05-2014 21:05:19
    Running from C:\Users\Cindy\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    (Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\hbadmin.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (AVG) C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\BoostSpeed.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\System32\wbengine.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
    HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-24] (Microsoft Corporation)
    HKU\S-1-5-21-4259794245-1445099586-904811632-1001\...\Run: [] => [X]

    ==================== Internet (Whitelisted) ====================

    ProxyServer: http=;ftp=;https=;
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 216.138.0.4 216.138.27.254 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251
    FF Homepage: hxxp://home.petsharmony.myway.com/home/index.jhtml?a=EF42F858-73DE-48A6-9476-1931F8BB0273&p=^BBV^hps102^YY^br&si=&n=780BF8D0&st=hp
    FF NetworkProxy: "ftp", "198.148.112.46"
    FF NetworkProxy: "ftp_port", 7808
    FF NetworkProxy: "gopher", "198.148.112.46"
    FF NetworkProxy: "gopher_port", 7808
    FF NetworkProxy: "http", "198.148.112.46"
    FF NetworkProxy: "http_port", 7808
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Windows\system32\C2MP\npdivx32.dll No File
    FF Plugin-x32: @ei.PhotoFriendzy_82.com/Plugin - C:\Program Files (x86)\PhotoFriendzy_82EI\Installr\1.bin\NP82EISB.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Cindy\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr90.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npSlingPlayer.dll (Sling Media Inc.)
    FF Extension: Free Hide IP - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\support@free-hideip.com.xpi [2014-04-27]
    FF Extension: Real Hide IP - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\support@real-hide-ip.com.xpi [2014-04-27]
    FF Extension: Best Video Downloader 2 - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2014-04-26]
    FF Extension: Easy Youtube Video Downloader Express - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\s31k1muh.default-1398318089251\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-05-04]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-18]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-17]
    FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
    FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
    FF HKCU\...\Firefox\Extensions: [{9caf5d89-eb75-43ab-9b57-9d4b5b6094ef}] - C:\Program Files (x86)\Re-markit\150.xpi
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-18]
    FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
    FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

    Chrome:
    =======
    CHR Extension: (__MSG_appName__) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-04-24]
    CHR Extension: (saeffe saaVye) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihogigemoecplkedmapfmfelpadlicg [2013-07-26]
    CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2014-04-12]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ==================== Services (Whitelisted) =================

    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
    R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-08-21] ()
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
    R2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-06-11] (Cloud Engines, Inc.)
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-26] ()
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
    S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
    S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
    S2 LEC TranslateDotNet Server; "C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe" [X]
    S2 TolbarUpdater; C:\Users\Cindy\AppData\Local\Temp\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
    R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [981096 2012-10-24] ()
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
    R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0027.sys [28768 2014-04-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
    U3 Netlncdsnwd;
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
    S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-04-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2011-10-17] ()
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
    R3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-06-11] (Cloud Engines, Inc.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-24 21:05 - 2014-05-24 21:05 - 00020659 _____ () C:\Users\Cindy\Desktop\FRST.txt
    2014-05-24 21:05 - 2014-05-24 21:05 - 00000000 ____D () C:\FRST
    2014-05-24 21:02 - 2014-05-24 21:02 - 02066432 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe
    2014-05-24 12:56 - 2014-05-24 13:01 - 00000000 ____D () C:\AdwCleaner
    2014-05-21 18:05 - 2014-05-21 18:05 - 00000000 ____D () C:\Bones 9x24 The Recluse in the Recliner
    2014-05-21 17:18 - 2014-05-21 17:18 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\13848
    2014-05-21 00:21 - 2014-05-21 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
    2014-05-21 00:06 - 2014-05-21 00:06 - 00003699 _____ () C:\Users\Cindy\Desktop\My Documents - Shortcut.lnk
    2014-05-20 19:05 - 2014-05-20 19:12 - 00000000 ____D () C:\Users\Cindy\Downloads\SlySoft AnyDVD & AnyDVD HD 7.3.8.0 Final ML+Activator
    2014-05-20 18:59 - 2014-05-20 19:00 - 10952784 _____ () C:\Users\Cindy\Documents\SetupAnyDVD7470.exe
    2014-05-20 18:56 - 2014-05-20 18:56 - 00003268 _____ () C:\Windows\System32\Tasks\{8AA80B57-CD38-40C7-A0EF-328EC9218C75}
    2014-05-20 18:51 - 2014-05-24 12:46 - 00591051 _____ () C:\Windows\SysWOW64\_q5C84hNuFyw
    2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Cindy\AppData\Local\11360
    2014-05-20 12:54 - 2014-05-20 13:16 - 1788807101 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.mkv
    2014-05-19 20:38 - 2014-05-19 20:39 - 00273993 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.srt
    2014-05-16 13:14 - 2014-05-16 13:14 - 02422638 _____ () C:\Users\Cindy\Downloads\RealHideIP-4.3.8.8.Setup.exe
    2014-05-16 12:56 - 2014-05-16 12:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\26346
    2014-05-13 21:21 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-13 21:21 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-13 21:21 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-13 21:21 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-13 21:21 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-13 21:21 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-13 21:05 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-13 21:05 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-13 21:05 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-13 21:05 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-13 21:05 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-13 21:05 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-13 21:05 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-13 21:05 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-13 21:05 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-13 21:05 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-13 21:05 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-13 21:05 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-13 21:05 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-13 21:05 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-13 21:05 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-13 21:05 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-13 21:05 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-13 21:05 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-13 21:05 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-13 21:05 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-13 21:03 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-13 21:03 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-13 21:03 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-13 21:03 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-12 23:25 - 2014-05-21 20:30 - 00000000 ____D () C:\Users\Cindy\Desktop\New folder
    2014-05-12 15:10 - 2014-05-12 14:09 - 00109699 _____ () C:\Users\Public\Documents\Once Upon a Time 3x22 There's No Place Like Home.srt
    2014-05-09 15:12 - 2014-05-09 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-04 18:50 - 2014-05-04 18:50 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\19706
    2014-05-04 18:46 - 2014-05-04 18:46 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\18814
    2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP
    2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\Program Files (x86)\RealHideIP
    2014-04-27 23:24 - 2014-04-27 23:53 - 00000000 ____D () C:\Users\Cindy\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69}
    2014-04-27 23:01 - 2014-04-27 23:01 - 00972392 _____ () C:\Users\Cindy\Downloads\Software Crack Installer.zip
    2014-04-27 22:56 - 2014-04-28 15:16 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\RealHideIP
    2014-04-27 22:56 - 2014-04-28 15:16 - 00000000 ____D () C:\ProgramData\RealHideIP
    2014-04-27 22:48 - 2014-04-27 22:50 - 01510806 _____ () C:\Users\Cindy\Downloads\Super Hide IP 3.0.6.2.rar
    2014-04-27 22:46 - 2014-04-27 22:47 - 04332714 _____ () C:\Users\Cindy\Downloads\Free_Hide_IP_3.9.6.6_Key_Downloader.exe
    2014-04-27 22:39 - 2014-04-27 22:54 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP
    2014-04-27 22:39 - 2014-04-27 22:39 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\FreeHideIP
    2014-04-27 22:09 - 2014-04-27 22:09 - 00000032 _____ () C:\Windows\go
    2014-04-27 21:03 - 2014-04-27 21:03 - 00529576 _____ (Incredible Accomplishments ) C:\Users\Cindy\Downloads\SetupReadyDriverPlus.exe
    2014-04-27 20:59 - 2014-04-27 20:59 - 00000000 ____D () C:\Program Files\PeerGuardian2
    2014-04-27 20:46 - 2014-04-27 20:46 - 00000000 ____D () C:\Users\Cindy\Downloads\PeerGuardian_TSV38DL05
    2014-04-27 13:22 - 2014-04-27 13:24 - 05461832 _____ () C:\Users\Cindy\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2014-04-25 20:38 - 2014-04-25 20:38 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0027.sys
    2014-04-25 20:37 - 2014-04-25 20:37 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\see.sys
    2014-04-25 20:23 - 2014-04-26 15:09 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2014-04-25 12:50 - 2014-05-21 16:27 - 00003372 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser860E\ntuser.ini
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser1162\ntuser.ini
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser860E
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser1162
    2014-04-24 17:58 - 2014-02-25 21:31 - 00000000 ____D () C:\Users\fbwuser860E\AppData\Local\Microsoft Help
    2014-04-24 17:58 - 2014-02-25 21:31 - 00000000 ____D () C:\Users\fbwuser1162\AppData\Local\Microsoft Help
    2014-04-24 17:58 - 2011-01-08 18:06 - 00000000 ____D () C:\Users\fbwuser860E\AppData\Roaming\Macromedia
    2014-04-24 17:58 - 2011-01-08 18:06 - 00000000 ____D () C:\Users\fbwuser1162\AppData\Roaming\Macromedia
    2014-04-24 17:58 - 2011-01-08 17:53 - 00001974 _____ () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
    2014-04-24 17:58 - 2011-01-08 17:53 - 00001974 _____ () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
    2014-04-24 17:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-04-24 17:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-04-24 17:58 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\fbwuser860E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-04-24 17:58 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\fbwuser1162\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-04-24 17:45 - 2014-04-24 17:45 - 00013450 _____ () C:\Users\Cindy\Downloads\OpenVPN-Certificate-Bundle-Dec2013.zip
    2014-04-24 17:34 - 2014-04-24 17:35 - 04639202 _____ () C:\Users\Cindy\Downloads\MUTE_fileSharing-0.5.1_Windows.exe
    2014-04-24 15:25 - 2014-04-24 15:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-04-24 00:41 - 2014-04-24 00:41 - 00000000 ____D () C:\Users\Public\Documents\Old Firefox Data

    ==================== One Month Modified Files and Folders =======

    2014-05-24 21:05 - 2014-05-24 21:05 - 00020659 _____ () C:\Users\Cindy\Desktop\FRST.txt
    2014-05-24 21:05 - 2014-05-24 21:05 - 00000000 ____D () C:\FRST
    2014-05-24 21:02 - 2014-05-24 21:02 - 02066432 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe
    2014-05-24 20:48 - 2013-06-23 16:03 - 00000000 ____D () C:\ProgramData\MFAData
    2014-05-24 20:28 - 2013-06-26 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-24 19:16 - 2011-01-08 17:38 - 01892863 _____ () C:\Windows\WindowsUpdate.log
    2014-05-24 13:46 - 2014-03-28 09:02 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCindy
    2014-05-24 13:46 - 2014-03-28 09:02 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCindy.job
    2014-05-24 13:12 - 2009-07-13 23:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-24 13:12 - 2009-07-13 23:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-24 13:11 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-24 13:07 - 2013-08-08 14:41 - 00033070 _____ () C:\Windows\setupact.log
    2014-05-24 13:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-24 13:01 - 2014-05-24 12:56 - 00000000 ____D () C:\AdwCleaner
    2014-05-24 12:46 - 2014-05-20 18:51 - 00591051 _____ () C:\Windows\SysWOW64\_q5C84hNuFyw
    2014-05-23 13:12 - 2013-07-05 12:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-05-23 13:12 - 2013-06-28 20:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-05-23 13:10 - 2013-06-28 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HpUpdate
    2014-05-21 20:31 - 2013-08-13 21:41 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\avidemux
    2014-05-21 20:30 - 2014-05-12 23:25 - 00000000 ____D () C:\Users\Cindy\Desktop\New folder
    2014-05-21 20:15 - 2013-11-20 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HandBrake
    2014-05-21 18:44 - 2013-06-22 22:00 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2014-05-21 18:23 - 2013-09-12 17:20 - 00001060 _____ () C:\Users\Cindy\AppData\Roaming\DVDSubEdit.ini
    2014-05-21 18:23 - 2013-06-23 18:04 - 00000000 ____D () C:\Program Files (x86)\Subrip
    2014-05-21 18:20 - 2013-09-12 17:19 - 00018227 _____ () C:\Users\Cindy\AppData\Roaming\DVDSubEditLastFile0.txt
    2014-05-21 18:05 - 2014-05-21 18:05 - 00000000 ____D () C:\Bones 9x24 The Recluse in the Recliner
    2014-05-21 18:05 - 2013-07-27 14:24 - 00000000 ____D () C:\Users\Cindy\Documents\TMPGEnc DVD Author
    2014-05-21 17:18 - 2014-05-21 17:18 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\13848
    2014-05-21 16:30 - 2013-07-30 15:38 - 00000000 ____D () C:\Users\Cindy\Documents\TMPGEnc DVD
    2014-05-21 16:27 - 2014-04-25 12:50 - 00003372 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001
    2014-05-21 16:27 - 2014-03-20 14:15 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001
    2014-05-21 00:21 - 2014-05-21 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
    2014-05-21 00:21 - 2014-03-04 19:33 - 00000000 ____D () C:\Program Files (x86)\SlySoft
    2014-05-21 00:21 - 2013-07-22 21:17 - 00000125 ___SH () C:\ProgramData\.zreglib
    2014-05-21 00:21 - 2013-06-22 22:27 - 00000000 ____D () C:\Users\Cindy\Desktop\Mosted Used
    2014-05-21 00:06 - 2014-05-21 00:06 - 00003699 _____ () C:\Users\Cindy\Desktop\My Documents - Shortcut.lnk
    2014-05-20 19:49 - 2013-08-12 21:09 - 00338802 _____ () C:\Windows\PFRO.log
    2014-05-20 19:12 - 2014-05-20 19:05 - 00000000 ____D () C:\Users\Cindy\Downloads\SlySoft AnyDVD & AnyDVD HD 7.3.8.0 Final ML+Activator
    2014-05-20 19:00 - 2014-05-20 18:59 - 10952784 _____ () C:\Users\Cindy\Documents\SetupAnyDVD7470.exe
    2014-05-20 18:56 - 2014-05-20 18:56 - 00003268 _____ () C:\Windows\System32\Tasks\{8AA80B57-CD38-40C7-A0EF-328EC9218C75}
    2014-05-20 18:54 - 2013-06-23 00:05 - 00000000 ____D () C:\Users\Cindy\AppData\Local\CrashDumps
    2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Cindy\AppData\Local\11360
    2014-05-20 18:45 - 2013-10-24 15:35 - 00268288 ___SH () C:\Users\Cindy\Documents\Thumbs.db
    2014-05-20 17:11 - 2013-06-22 23:41 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
    2014-05-20 13:16 - 2014-05-20 12:54 - 1788807101 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.mkv
    2014-05-20 12:40 - 2014-03-17 19:12 - 00003350 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001
    2014-05-20 12:40 - 2014-03-17 19:12 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001
    2014-05-20 03:31 - 2014-04-12 21:22 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate
    2014-05-20 03:30 - 2013-06-27 23:21 - 00000000 ____D () C:\ProgramData\VSO
    2014-05-20 03:25 - 2013-06-27 23:21 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\Vso
    2014-05-19 23:07 - 2013-06-27 23:26 - 00000000 ____D () C:\Users\Cindy\Documents\ConvertXtoDVD
    2014-05-19 20:39 - 2014-05-19 20:38 - 00273993 _____ () C:\Users\Cindy\Desktop\Rosemary's Baby 2014.srt
    2014-05-18 16:45 - 2013-06-22 14:04 - 00000000 ____D () C:\Desktop Nexus
    2014-05-18 14:36 - 2011-01-08 17:59 - 00000000 ____D () C:\ProgramData\PDFC
    2014-05-17 16:02 - 2013-06-22 22:07 - 00000575 _____ () C:\Users\Cindy\AppData\Roaming\AutoGK.ini
    2014-05-16 15:30 - 2014-03-23 21:08 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\uTorrent
    2014-05-16 14:53 - 2013-06-22 22:49 - 00000000 ____D () C:\AVIs
    2014-05-16 14:46 - 2013-06-25 20:11 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\vlc
    2014-05-16 14:45 - 2013-10-25 01:05 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\dvdcss
    2014-05-16 13:43 - 2014-03-21 22:39 - 00000000 ____D () C:\Users\Cindy\Downloads\DVDFAB v9.1.3.6 + Activators [danhuk]
    2014-05-16 13:14 - 2014-05-16 13:14 - 02422638 _____ () C:\Users\Cindy\Downloads\RealHideIP-4.3.8.8.Setup.exe
    2014-05-16 13:05 - 2014-03-21 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
    2014-05-16 13:05 - 2013-06-22 23:42 - 00000000 ____D () C:\Users\Cindy\Documents\DVDFab9
    2014-05-16 12:56 - 2014-05-16 12:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\26346
    2014-05-16 11:53 - 2013-06-22 21:30 - 00194824 _____ () C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-15 11:25 - 2009-07-13 23:45 - 00618456 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-05-14 17:54 - 2013-11-27 19:29 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
    2014-05-14 16:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-14 13:30 - 2013-06-26 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-14 13:30 - 2013-06-26 14:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-14 13:30 - 2013-06-26 14:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-14 13:26 - 2014-04-16 19:03 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Photo Explosion
    2014-05-14 13:24 - 2011-01-08 17:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-05-14 13:03 - 2013-06-22 21:31 - 00000000 ___RD () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-14 13:03 - 2013-06-22 21:31 - 00000000 ___RD () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-13 21:24 - 2014-04-23 13:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-13 21:22 - 2013-07-10 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-13 21:20 - 2013-07-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-13 21:18 - 2013-06-23 21:14 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-13 21:13 - 2013-08-21 13:41 - 00000000 ____D () C:\ProgramData\Adobe
    2014-05-13 21:08 - 2013-06-22 21:49 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\Adobe
    2014-05-13 21:05 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-12 14:09 - 2014-05-12 15:10 - 00109699 _____ () C:\Users\Public\Documents\Once Upon a Time 3x22 There's No Place Like Home.srt
    2014-05-10 12:59 - 2013-10-27 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-09 15:12 - 2014-05-09 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-09 13:18 - 2009-07-13 21:34 - 00000831 _____ () C:\Windows\win.ini
    2014-05-09 01:14 - 2014-05-13 21:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 01:11 - 2014-05-13 21:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-05 23:40 - 2014-05-13 21:21 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-05 23:17 - 2014-05-13 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-05 22:25 - 2014-05-13 21:21 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-05 22:07 - 2014-05-13 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-05 22:00 - 2014-05-13 21:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-05 21:10 - 2014-05-13 21:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-04 18:50 - 2014-05-04 18:50 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\19706
    2014-05-04 18:46 - 2014-05-04 18:46 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\18814
    2014-05-02 01:38 - 2013-06-28 20:25 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\HP Support Assistant
    2014-04-28 15:16 - 2014-04-27 22:56 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\RealHideIP
    2014-04-28 15:16 - 2014-04-27 22:56 - 00000000 ____D () C:\ProgramData\RealHideIP
    2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP
    2014-04-28 15:15 - 2014-04-28 15:15 - 00000000 ____D () C:\Program Files (x86)\RealHideIP
    2014-04-27 23:53 - 2014-04-27 23:24 - 00000000 ____D () C:\Users\Cindy\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69}
    2014-04-27 23:01 - 2014-04-27 23:01 - 00972392 _____ () C:\Users\Cindy\Downloads\Software Crack Installer.zip
    2014-04-27 22:54 - 2014-04-27 22:39 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP
    2014-04-27 22:50 - 2014-04-27 22:48 - 01510806 _____ () C:\Users\Cindy\Downloads\Super Hide IP 3.0.6.2.rar
    2014-04-27 22:47 - 2014-04-27 22:46 - 04332714 _____ () C:\Users\Cindy\Downloads\Free_Hide_IP_3.9.6.6_Key_Downloader.exe
    2014-04-27 22:39 - 2014-04-27 22:39 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\FreeHideIP
    2014-04-27 22:09 - 2014-04-27 22:09 - 00000032 _____ () C:\Windows\go
    2014-04-27 21:03 - 2014-04-27 21:03 - 00529576 _____ (Incredible Accomplishments ) C:\Users\Cindy\Downloads\SetupReadyDriverPlus.exe
    2014-04-27 20:59 - 2014-04-27 20:59 - 00000000 ____D () C:\Program Files\PeerGuardian2
    2014-04-27 20:46 - 2014-04-27 20:46 - 00000000 ____D () C:\Users\Cindy\Downloads\PeerGuardian_TSV38DL05
    2014-04-27 16:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-04-27 15:34 - 2013-08-12 20:35 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
    2014-04-27 15:32 - 2013-06-23 16:17 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
    2014-04-27 15:26 - 2013-06-22 22:42 - 00782470 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-04-27 13:24 - 2014-04-27 13:22 - 05461832 _____ () C:\Users\Cindy\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2014-04-26 15:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-26 15:09 - 2014-04-25 20:23 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2014-04-26 13:32 - 2013-06-26 14:21 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Adobe
    2014-04-25 20:38 - 2014-04-25 20:38 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0027.sys
    2014-04-25 20:37 - 2014-04-25 20:37 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\see.sys
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser860E\ntuser.ini
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000020 ___SH () C:\Users\fbwuser1162\ntuser.ini
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser860E
    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\fbwuser1162
    2014-04-24 17:45 - 2014-04-24 17:45 - 00013450 _____ () C:\Users\Cindy\Downloads\OpenVPN-Certificate-Bundle-Dec2013.zip
    2014-04-24 17:35 - 2014-04-24 17:34 - 04639202 _____ () C:\Users\Cindy\Downloads\MUTE_fileSharing-0.5.1_Windows.exe
    2014-04-24 15:25 - 2014-04-24 15:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-04-24 15:25 - 2013-08-21 13:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-04-24 00:41 - 2014-04-24 00:41 - 00000000 ____D () C:\Users\Public\Documents\Old Firefox Data

    Files to move or delete:
    ====================
    C:\Windows\SysWOW64\WinMonitor.exe
    C:\Windows\SysWOW64\libs.exe


    Some content of TEMP:
    ====================
    C:\Users\Cindy\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    LastRegBack: 2014-05-19 13:54

    ==================== End Of Log ============================

    This is the Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014
    Ran by Cindy at 2014-05-24 21:05:43
    Running from C:\Users\Cindy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG Internet Security Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: AVG Internet Security Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security Business Edition (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
    2011 Hallmark Registration Bonus Pack (HKLM-x32\...\{E0570DE2-4B9D-47B6-A034-3B18829C0EAC}) (Version: 1.0.0.1 - Creative Home)
    64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
    Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version: - )
    Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Any Video Converter Ultimate 4.5.7 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.0.0 - SlySoft)
    ArcSoft Funhouse (HKLM-x32\...\{21A7C708-D575-491C-94AE-86FFCF2BF19F}) (Version: - )
    ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.0.1.119 - ArcSoft)
    ArcSoft TotalMedia Theatre 6 (x32 Version: 6.0.1.119 - ArcSoft) Hidden
    Ashampoo Music Studio 4 v.4.1.0 (HKLM-x32\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.0 - Ashampoo GmbH & Co. KG)
    ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
    Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
    AVG (HKLM\...\AVG) (Version: 3469 - AVG Technologies)
    AVG 2013 (Version: 13.0.3469 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.3629 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
    AVG PC TuneUp 10.0.0.27 PreCracked (HKCU\...\AVG PC TuneUp 10.0.0.27 PreCracked) (Version: - )
    Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
    CCExtractor (HKLM-x32\...\{146FDB2F-63F9-4471-9CE9-B00527D92EBC}) (Version: 0.66.0 - CCExtractor)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
    Click'N Design 3D V4.82 (HKLM-x32\...\Click'N Design 3D V4.82) (Version: 4.0 - CD Stomper)
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
    Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
    D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
    DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.22 - DivX, Inc. )
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVDFab 9.1.4.5 (14/05/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Gimp 2.6.2 Debug (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
    GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Hallmark Card Studio 2011 Deluxe (HKLM-x32\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.2.6 - Hallmark Software)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Game Console (x32 Version: - WildTangent) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
    jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - )
    K-Lite Mega Codec Pack 9.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
    Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Digital Image Library 9 - Blocker (x32 Version: 9.00.0000 - Microsoft Corporation) Hidden
    Microsoft Home Publishing 2000 (HKLM-x32\...\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}) (Version: 4.0.0000 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
    Microsoft Photo Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0706 - Microsoft Corporation)
    Microsoft Photo Premium 10 (x32 Version: 10.0.0706 - Microsoft Corporation) Hidden
    Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
    Microsoft Picture It! Library 10 (x32 Version: 10.0.0706 - Microsoft Corporation) Hidden
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    MKV to AVI Video Converter v1.1 (HKLM-x32\...\MKV to AVI Video Converter_is1) (Version: 1.1.0.0 - DVDAVITools)
    MKVToolNix 6.9.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
    Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
    Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
    Nero Blu-ray Player (x32 Version: 12.0.20031 - Nero AG) Hidden
    Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
    Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero Burning ROM Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
    Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
    Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
    Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden
    Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
    Nero Express (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero Express Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
    Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden
    Nero Info (x32 Version: 15.1.0023 - Nero AG) Hidden
    Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Launcher (x32 Version: 15.0.8000 - Nero AG) Hidden
    Nero MediaHome (x32 Version: 1.20.8200 - Nero AG) Hidden
    Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
    Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
    Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden
    Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden
    Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
    Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
    Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
    Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
    Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
    Nero SoundTrax Help (CHM) (x32 Version: 12.0.14000 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
    Nero Video (x32 Version: 15.0.12000 - Nero AG) Hidden
    Nero Video Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
    Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero WaveEditor Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    palmOne (HKLM-x32\...\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}) (Version: 4.1.0420 - palmOne, Inc.)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PeerGuardian 2.0 (x32 Version: 2.0.6.4 - Methlabs Productions) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Pogoplug PC (HKLM\...\PogoplugPC) (Version: 1.1.14 - Cloud Engines Inc.)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
    Presto! DVD Composer (HKLM-x32\...\{994DAD5D-F235-11D6-AC57-0050BA1D384D}) (Version: - )
    Presto! Mr. Photo 3 (HKLM-x32\...\{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}) (Version: - )
    Presto! PixExpress (HKLM-x32\...\{50B59CBA-C099-4A83-9EE7-3B1B28CD7897}) (Version: - )
    PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Real Hide IP (HKLM-x32\...\RealHideIP) (Version: 4.0.9.2 - )
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Re-markit (HKLM-x32\...\e328a920-58cd-4e08-87a2-be7554d6842f) (Version: - Re-markit Software) <==== ATTENTION
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden
    Roxio Central (x32 Version: 7.0.0 - Roxio) Hidden
    Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
    Roxio Creator NXT Pro (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
    Roxio Creator NXT Pro (x32 Version: 1.4.184 - Roxio) Hidden
    Roxio Secure Burn (x32 Version: 2.0 - Roxio) Hidden
    Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden
    Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Smart Start UP (HKLM-x32\...\{2C9241DC-E141-4BB9-99F2-0BC54D81862F}) (Version: - )
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
    Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Subtitle Edit 3.3.12 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.12.2367 - Nikse)
    Subtitle Translation Wizard 4.1 (HKLM-x32\...\Subtitle Translation Wizard_is1) (Version: - upRedSun, Inc.)
    Subtitle Workshop 6.0a (HKLM-x32\...\SubtitleWorkshop) (Version: - )
    The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
    TMPGEnc DVD Author 1.6 (HKLM-x32\...\{52E9D791-5A64-474D-A575-20ADC2446B3B}) (Version: 1.6.34.89 - Pegasys Inc.)
    TMPGEnc Sound Player (HKLM-x32\...\{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}) (Version: 1.0.2.9 - Pegasys Inc.)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.6.3 - Tweaking.com)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
    VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)
    VSO CopyToDVD 4 (HKLM-x32\...\{870F1750-BA89-11DA-A94D-0800200C9A66}_is1) (Version: 4.3.1.12c - VSO Software)
    WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinX HD Video Converter Deluxe version WinX HD Video Converter Deluxe 5.0.4 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: WinX HD Video Converter Deluxe 5.0.4 - Digiarty Software, Inc.)
    WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
    Wondershare Video Converter Ultimate(Build 6.0.0.18) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.0.0.18 - Wondershare Software)
    XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Restore Points =========================

    25-05-2014 02:04:18 5-24 2014

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2014-04-27 15:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {01079806-7CE1-4924-876B-AC9BF2259CD3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-24] ()
    Task: {0D1EE808-0460-4160-832C-A49D6829B202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-13] (Microsoft)
    Task: {0E61D5B0-477E-4DE8-BDF4-3E1BA7CCA8CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {0F1EC480-F153-48D2-B6FD-09F3596E1BC3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {1EB25CEC-77E4-4EA2-9A94-EA1EAF6E4A49} - \DSite No Task File <==== ATTENTION
    Task: {2698839D-EDDE-4566-9194-4C55353A6CEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {2BC22FE1-59CF-4DD0-88E0-8D2EDEC5F32E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {3F1D4775-9840-4BF1-B120-604EE1E4BBCE} - \Express FilesUpdate No Task File <==== ATTENTION
    Task: {44926EDA-C273-4963-8044-E49D4B05A7CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {4A0AD197-2E73-4ABD-919A-E645986D472C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {4E491FFC-AEED-40FC-89D3-D77B9BCAC18F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {56D87F20-65D1-4405-ADB5-47F898F54681} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {5DC872ED-EF5B-48B2-BFD8-086578C36506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
    Task: {718A6B55-5496-4B56-A6B7-1A817592FBA8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {79B65A33-B53C-4FB9-AFC7-65A16DDA9AA9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {935EC0EA-F6A1-44C9-855A-20A8585035F9} - System32\Tasks\HPCeeScheduleForMOVIE_MACHINE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {9E24D72D-578E-4951-8EC5-5C1FC046F3C4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
    Task: {A93E1FBC-4216-4307-8AF3-0152AA1AA256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {B4219348-93A8-43F7-A722-374872B2152A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {B5448C57-B025-4264-B920-1E2F8750832D} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {C6AA6B7F-E1F8-4E25-8BD7-2BA9C85D7CBD} - \GoforFilesUpdate No Task File <==== ATTENTION
    Task: {DF18A553-BD5A-49E2-AF62-690798E04C03} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
    Task: {E609EF7A-FEDF-4386-89B9-BD9A61A7E966} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Cindy Logon => C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\BoostSpeed.exe [2011-11-03] (AVG)
    Task: {E8A82F63-E2D5-4F26-A754-AFDEBAB299F2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4259794245-1445099586-904811632-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E8E29FB4-CA2B-43BF-B131-466DD5768244} - System32\Tasks\HPCeeScheduleForCindy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForCindy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForMOVIE_MACHINE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-06-20 16:48 - 2012-06-20 16:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2012-07-11 02:04 - 2012-07-11 02:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-04-18 21:05 - 2012-09-06 18:40 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2013-06-22 22:04 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
    2012-07-05 20:47 - 2012-07-05 20:47 - 00185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2012-07-05 20:47 - 2012-07-05 20:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
    2012-07-11 02:04 - 2012-07-11 02:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
    2012-07-11 02:04 - 2012-07-11 02:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
    2012-07-11 02:04 - 2012-07-11 02:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
    2012-01-20 17:31 - 2011-11-03 11:21 - 00350024 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madExcept_.bpl
    2012-01-20 17:31 - 2011-11-03 11:21 - 00184136 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madBasic_.bpl
    2012-01-20 17:31 - 2011-11-03 11:21 - 00050504 _____ () C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madDisAsm_.bpl

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\Services: vToolbarUpdater15.3.0 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMenu.lnk => C:\Windows\pss\TrayMenu.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Cindy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk => C:\Windows\pss\palmOne Registration.lnk.Startup
    MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Cindy\AppData\Local\Smartbar\Application\SnapDo.exe startup
    MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: Ekhtion => regsvr32.exe C:\Users\Cindy\AppData\Local\Ekhtion\CncctrlMon.dll
    MSCONFIG\startupreg: ExpressFiles => "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: iLivid => "C:\Users\Cindy\AppData\Local\iLivid\iLivid.exe" -autorun
    MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Cindy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
    MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
    MSCONFIG\startupreg: PogoplugPC => "C:\Program Files (x86)\PogoplugPC\ppserver.exe" --starthidden
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe"
    MSCONFIG\startupreg: Security Updates => "C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe"
    MSCONFIG\startupreg: Smart Start UP => C:\Program Files (x86)\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
    MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\Cindy\AppData\Local\Temp\\mdi564.dll,runme
    MSCONFIG\startupreg: tsnp2uvc => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
    MSCONFIG\startupreg: TWC.Win7 => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\XviD\CheckUpdate.exe
    MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/24/2014 04:00:04 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (05/24/2014 01:29:55 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 01:25:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 01:21:48 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 01:13:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 01:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
    Exception code: 0xe0434352
    Fault offset: 0x000000000000940d
    Faulting process id: 0x6f4
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3

    Error: (05/24/2014 01:07:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Exception
    Stack:
    at ..(System.String, System.String, ., System.String)
    at ...ctor()
    at ..(.)
    at ..()

    Error: (05/24/2014 01:01:06 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 00:52:59 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/24/2014 00:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
    Exception code: 0xe0434352
    Fault offset: 0x000000000000940d
    Faulting process id: 0x6dc
    Faulting application start time: 0xAutoKMS.exe0
    Faulting application path: AutoKMS.exe1
    Faulting module path: AutoKMS.exe2
    Report Id: AutoKMS.exe3


    System errors:
    =============
    Error: (05/24/2014 04:14:41 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (05/24/2014 01:07:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (05/24/2014 01:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Toolbar Updater service failed to start due to the following error:
    %%2

    Error: (05/24/2014 01:07:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Roxio Hard Drive Watcher 14 service terminated with the following error:
    %%-2147467243

    Error: (05/24/2014 01:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LEC TranslateDotNet Server service failed to start due to the following error:
    %%2

    Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (05/24/2014 01:03:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (05/24/2014 04:00:04 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (05/24/2014 01:29:55 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 01:25:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 01:21:48 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 01:13:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 01:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d6f401cf777b01cf43acC:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll47c331f1-e36e-11e3-8314-00ac7e8d77a9

    Error: (05/24/2014 01:07:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Exception
    Stack:
    at ..(System.String, System.String, ., System.String)
    at ...ctor()
    at ..(.)
    at ..()

    Error: (05/24/2014 01:01:06 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 00:52:59 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (05/24/2014 00:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d6dc01cf7778166976b0C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll66578979-e36b-11e3-918a-00ac7e8d77a9


    CodeIntegrity Errors:
    ===================================
    Date: 2014-04-27 21:28:43.913
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:28:43.788
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:28:31.527
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:28:31.386
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:27:40.234
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:27:40.093
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:22:28.933
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:22:28.808
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:18:49.260
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-04-27 21:18:49.120
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 31%
    Total physical RAM: 5887.28 MB
    Available physical RAM: 4051.95 MB
    Total Pagefile: 11772.73 MB
    Available Pagefile: 9867.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:671.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: 02CAAD5A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi kookie56,

    Well your computer isn't in as bad shape as I had expected. Right off I only see one bad malware and some PUPs. That's a big Log and it will take me some time to go all over it so, please have patients and I'll get it as soon as possible.

    Were you able to rid that add/remove listing? If not, tell me what it is and I'll take care of it along with the other things. Also, do you have any other problems? Let me know before I start and we'll try to take care of them as well.
     
  7. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    It was a virus called snapdo. I used all the things you said to use and got rid of it, but it is still listed in the Add/Remove Programs.
    Thank you
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Yes, I found it and have it up for removal. I found some other malware deep in the Log and should complete the fix later this afternoon so will get back to you then.

    Are you having any kind of problems with the computer that I can check for???

    2oG
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi kookie,

    Here is the Fix I prepared for your computer. Just follow the instructions. If you have any questions before going ahead, please ask.


    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the code box into Notepad:


    Code:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4259794245-1445099586-904811632-1001\...\Run: [] => [X]
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-26] ()
    S2 TolbarUpdater; C:\Users\Cindy\AppData\Local\Temp\ToolbarUpdater.exe [X]
    C:\Windows\SysWOW64\WinMonitor.exe
    C:\Windows\SysWOW64\libs.exe
    C:\Windows\SysWOW64\srvany.exe
    C:\Users\Cindy\AppData\Local\Temp\Quarantine.exe
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
    Re-markit (HKLM-x32\...\e328a920-58cd-4e08-87a2-be7554d6842f) (Version: - Re-markit Software) <==== ATTENTION
    C:\Program Files (x86)\Re-markit
    Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
    Task: {1EB25CEC-77E4-4EA2-9A94-EA1EAF6E4A49} - \DSite No Task File <==== ATTENTION
    Task: {3F1D4775-9840-4BF1-B120-604EE1E4BBCE} - \Express FilesUpdate No Task File <==== ATTENTION
    Task: {4E491FFC-AEED-40FC-89D3-D77B9BCAC18F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {B5448C57-B025-4264-B920-1E2F8750832D} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {C6AA6B7F-E1F8-4E25-8BD7-2BA9C85D7CBD} - \GoforFilesUpdate No Task File <==== ATTENTION
    Task: {DF18A553-BD5A-49E2-AF62-690798E04C03} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Cindy\AppData\Local\Smartbar\Application\SnapDo.exe startup
    MSCONFIG\startupreg: Ekhtion => regsvr32.exe C:\Users\Cindy\AppData\Local\Ekhtion\CncctrlMon.dll
    C:\Users\Cindy\AppData\Local\Ekhtion
    MSCONFIG\startupreg: iLivid => "C:\Users\Cindy\AppData\Local\iLivid\iLivid.exe" -autorun
    C:\Users\Cindy\AppData\Local\iLivid
    MSCONFIG\startupreg: Security Updates => "C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe"
    C:\Users\Cindy\AppData\Local\Temp\install-security-updates.exe
    MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe"
    C:\Users\Cindy\AppData\Roaming\Yontoo\YontooDesktop.exe
    
    



    Click on File > Save As....

    In the File Name box, copy and paste in fixlist.txt

    Click Save and save it to the same folder containing FRST (desktop?).

    Double click on FRST.exe click the Fix button then OK.

    Now reboot, check it out and let me know how things are.

    2oG
     
    Last edited: May 25, 2014
  10. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    I already deleted the the log texts.
    I am not having any trouble with my computer, as far as it running okay.
    The only thing is the snapdo in my Add/Remove Programs folder that I can't get rid of.
    I don't know what other problems I have, but I don't notice it when I am on the computer.
    Thank you
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    My Bad, it was left out of my fix and I overlooked it. Getting old, I guess. LOL
    Do this little fix and it will remove the Snapdo entry...

    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the code box into Notepad:


    Code:
    Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
    



    Click on File > Save As....

    In the File Name box, copy and paste in fixlist.txt

    Click Save and save it to the same folder containing FRST (desktop?).

    Double click on FRST.exe click the Fix button then OK.

    Check it out and let me know..

    2oG
     
  12. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    This is what I got after clicking on fix:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
    Ran by Cindy at 2014-05-27 13:46:47 Run:1
    Running from C:\Users\Cindy\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
    *****************


    ==== End of Fixlog ====

    The thing is.....snapdo is still listed in the Add/Remove Programs.

    Was this suppose to remove it?
    If so......What now?

    Thank you
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Oh kookie, what a problem.. :) just kidding.

    Yes this was supposed to remove it and if you used ccleaner that too was supposed to remove it.

    If I had your computer in front of me, I could remove it by searching the registry but that would be a process where you would need advanced knowledge.

    It is a dead entry in the registry that hurts nothing except your desire to get rid of it. lol

    Try to think about it like this: When you were young you carved your boyfriends phone number in the top of the table where the phone was and since then the boy has moved and the number is no longer in service. It's an eye sore but is not doing any harm.

    My advice is to just ignore it or if you know someone that has the knowledge to remove it ask them to do it for you.

    I would hate to try instructing you over a back and forth post on here and as I said; It hurts nothing...

    2oG
     
  14. kookie56

    kookie56 Regular member

    Joined:
    Nov 22, 2009
    Messages:
    285
    Likes Received:
    2
    Trophy Points:
    28
    Thank you for taking the time to help me.
    I really appreciate it.
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    You are very welcome.
    Anytime you need help just give me a shout.......

    2oG
     

Share This Page