Page 1 of 6 12345 ... LastLast
Results 1 to 10 of 54

Thread: Instashare has got me!

  1. #1
    Member
    Join Date
    Sep 2014
    Posts
    31

    Default Instashare has got me!

    Hi
    I've at the very least got a problem with Instashare pop up ads. Tried to uninstall. Failed. Used RevoUninstall and that appears to have just hidden it. Ran Malwarebytes but hasn't removed it nor has Spybot. Would appreciate some help.

    Farber Logs below. Trying to get aswMBR log but keeps stalling. Will post when obtained. Thanks

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
    Ran by Jonesboy (administrator) on JONESBOY-PC on 15-09-2014 21:26:40
    Running from C:\Users\Jonesboy\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\ProgramData\DatacardService\DCService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Interesting Solutions) C:\ProgramData\myXaturuft\ZGtfxyv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Suunto) C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\Moveslink2.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    () C:\Windows\system\cm106eye.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
    () C:\Program Files (x86)\Star Downloader\stardown.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-03-16] (Lenovo)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-24] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-09-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
    HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
    HKLM-x32\...\Run: [Lenovo SplitScreen] => C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe [778592 2010-06-23] (Lenovo)
    HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Moveslink2] => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Viber] => C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe [936656 2014-06-10] ()
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efb99-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efbab-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {dfefbe99-e45d-11e1-bbcb-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {ff38db40-789b-11e1-aaf9-ec55f9ebde21} - E:\win\setup.exe -phs
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    SearchScopes: HKCU - {175023C8-9E2B-4397-A1BB-D91BB93ABDAD} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: No Name -> {FFFFFEF0-5B30-21D4-945D-000000000000} -> C:\Program Files (x86)\Star Downloader\SDIEInt.dll ()
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///F:/activeX/DCP.cab
    DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///F:/activeX/aplugLiteDL.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: [NameServer] 198.142.0.51 61.88.88.88
    Tcpip\..\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: [NameServer] 198.142.0.51 61.88.88.88

    FireFox:
    ========
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: reconinstruments.com/Recon -> C:\Users\Jonesboy\AppData\Roaming\ReconInstruments\ReconUplink\1.0.2.1\npReconUplink.dll (Recon Instruments)
    FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-04]
    FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-04]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> FB2353EF818E000C9EC1B1DDDF8F147F6788363B76B7D4A4E3563D81BDDA2FD4
    CHR DefaultSearchURL: Default -> 3A93E825D69222AF67266526206B5617EC1F7F2100BD65E5D18A6E7AD7FEA498
    CHR Profile: C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
    CHR Extension: (Google Drive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-02]
    CHR Extension: (Google Search) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-02]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-24]
    CHR Extension: (Skype Click to Call) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-03]
    CHR Extension: (OneDrive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-08]
    CHR Extension: (Google Wallet) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
    CHR Extension: (Desktop Client for Viber™) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-06-13]
    CHR Extension: (Gmail) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-02]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-04]
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-06-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
    CHR HKLM-x32\...\Chrome\Extension: [hfimfliilbabfohebppnfomgjljicpdm] - C:\Program Files (x86)\MP3 Rocket\MP3RocketDownloader.crx [2013-03-12]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-06-14] (Broadcom Corporation.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
    R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8988048 2013-04-03] (DisplayLink Corp.)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
    S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-15] (SurfRight B.V.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
    S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
    R2 ZGtfxyv; C:\ProgramData\myXaturuft\ZGtfxyv.exe [2319728 2014-09-14] (Interesting Solutions)
    S2 HPSLPSVC; C:\Users\Jonesboy\AppData\Local\Temp\7zS51CF\hpslpsvc64.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
    R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
    R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [44944 2013-04-10] ()
    S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
    S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
    R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-06] (JMicron Technology Corp.)
    R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57072 2010-04-24] (JMicron Technology Corp.)
    R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31344 2010-04-24] (JMicron Technology Corp.)
    S3 massfilter_lte; C:\windows\system32\drivers\massfilter_lte.sys [18456 2011-08-09] (HandSet Incorporated)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated) [File not signed]
    S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.) [File not signed]
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.) [File not signed]
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
    U0 xgjbae; C:\Windows\System32\drivers\hnnhhmec.sys [79064 2014-09-15] (Malwarebytes Corporation)
    S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
    U2 IAStorDataMgrSvc; No ImagePath
    U3 IGRS; No ImagePath
    U2 IviRegMgr; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]
    U2 ReadyComm.DirectRouter; No ImagePath
    U2 RichVideo; No ImagePath
    S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-15 21:26 - 2014-09-15 21:27 - 00035571 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
    2014-09-15 21:25 - 2014-09-15 21:26 - 00000000 ____D () C:\FRST
    2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-15 21:00 - 2014-09-15 21:00 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\hnnhhmec.sys
    2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-09-15 20:59 - 2014-09-15 21:14 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-15 20:46 - 2014-09-15 20:49 - 11194928 _____ (SurfRight B.V.) C:\Users\Jonesboy\Downloads\HitmanPro_x64.exe
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000056 _____ () C:\windows\setupact.log
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
    2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
    2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
    2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
    2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
    2014-09-15 15:32 - 2014-09-15 15:32 - 00000000 ____D () C:\ProgramData\Browser
    2014-09-14 08:41 - 2014-09-14 08:42 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
    2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
    2014-09-14 08:31 - 2014-09-14 08:32 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup (1).exe
    2014-09-14 08:30 - 2014-09-15 19:14 - 00000000 ____D () C:\Program Files\Common Files\PicRec
    2014-09-14 08:30 - 2014-09-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Acro Software
    2014-09-14 08:30 - 2014-09-14 08:30 - 03608126 _____ (Word-Pdf-Convert Software, Inc. ) C:\Users\Jonesboy\Downloads\power_word_to_pdf_converter.exe
    2014-09-14 08:30 - 2014-08-25 12:14 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
    2014-09-14 08:29 - 2014-09-15 20:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
    2014-09-14 08:29 - 2014-09-14 08:29 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jonesboy\Downloads\CuteWriter.exe
    2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
    2014-09-14 08:27 - 2014-09-14 08:27 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup.exe
    2014-09-13 17:52 - 2014-09-13 18:14 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Systweak
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
    2014-09-10 15:54 - 2014-08-20 04:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-09-10 15:54 - 2014-08-20 03:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-09-10 15:54 - 2014-08-19 09:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-09-10 15:54 - 2014-08-19 08:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-09-10 15:54 - 2014-08-19 08:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-09-10 15:54 - 2014-08-19 08:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-09-10 15:54 - 2014-08-19 08:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-09-10 15:54 - 2014-08-19 08:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-09-10 15:54 - 2014-08-19 08:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-09-10 15:54 - 2014-08-19 08:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-09-10 15:54 - 2014-08-19 08:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-09-10 15:54 - 2014-08-19 08:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-09-10 15:54 - 2014-08-19 08:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-09-10 15:54 - 2014-08-19 08:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-09-10 15:54 - 2014-08-19 08:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-09-10 15:54 - 2014-08-19 07:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-09-10 15:54 - 2014-08-19 07:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-09-10 15:54 - 2014-08-19 07:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-09-10 15:54 - 2014-08-19 07:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-09-10 15:54 - 2014-08-19 07:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-09-10 15:54 - 2014-08-19 07:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-09-10 15:54 - 2014-08-19 07:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-09-10 15:54 - 2014-08-19 07:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-09-10 15:54 - 2014-08-19 07:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-09-10 15:54 - 2014-08-19 07:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-09-10 15:54 - 2014-08-19 07:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-09-10 15:54 - 2014-08-19 07:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-09-10 15:54 - 2014-08-19 07:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-09-10 15:54 - 2014-08-19 07:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-09-10 15:54 - 2014-08-19 07:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-09-10 15:54 - 2014-08-19 07:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-09-10 15:54 - 2014-08-19 07:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-09-10 15:54 - 2014-08-19 07:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-10 15:54 - 2014-08-19 07:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-09-10 15:54 - 2014-08-19 07:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-09-10 15:54 - 2014-08-19 07:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-09-10 15:54 - 2014-08-19 07:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-09-10 15:54 - 2014-08-19 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-09-10 15:54 - 2014-08-19 06:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-09-10 15:54 - 2014-08-19 06:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-09-10 15:53 - 2014-08-19 08:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-09-10 15:53 - 2014-08-19 08:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-09-10 15:53 - 2014-08-19 08:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-09-10 15:53 - 2014-08-19 08:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-09-10 15:53 - 2014-08-19 07:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-09-10 15:53 - 2014-08-19 07:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-09-10 15:53 - 2014-08-19 07:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-09-10 15:53 - 2014-08-19 07:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-09-10 15:53 - 2014-08-19 07:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-09-10 15:53 - 2014-08-19 07:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-09-10 15:53 - 2014-08-19 06:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-09-10 15:53 - 2014-08-19 06:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-09-10 15:53 - 2014-08-19 06:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-09-10 15:43 - 2014-06-27 12:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
    2014-09-10 15:43 - 2014-06-27 11:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
    2014-09-10 15:41 - 2014-08-01 21:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
    2014-09-10 15:41 - 2014-08-01 21:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
    2014-09-10 15:41 - 2014-07-07 12:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-09-10 15:41 - 2014-07-07 12:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-09-10 15:41 - 2014-07-07 11:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-09-10 15:41 - 2014-07-07 11:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-09-10 15:41 - 2014-07-07 11:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-09-10 15:41 - 2014-06-24 13:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-09-10 15:41 - 2014-06-24 12:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-09-10 15:40 - 2014-09-05 12:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-09-10 15:40 - 2014-09-05 12:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-08-29 12:38 - 2014-08-23 12:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-29 12:38 - 2014-08-23 11:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-29 12:38 - 2014-08-23 10:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 01:54 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-08-22 01:54 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-08-22 01:54 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-08-22 01:54 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-08-22 01:53 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-08-22 01:53 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-08-22 01:53 - 2014-05-14 12:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-08-22 01:53 - 2014-05-14 12:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-08-22 01:53 - 2014-05-14 12:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-08-22 01:53 - 2014-05-14 12:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-08-18 18:54 - 2014-09-13 17:22 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-15 21:27 - 2014-09-15 21:26 - 00035571 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
    2014-09-15 21:26 - 2014-09-15 21:25 - 00000000 ____D () C:\FRST
    2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-15 21:14 - 2014-09-15 20:59 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-15 21:13 - 2012-02-27 00:51 - 00000000 ____D () C:\Users\Jonesboy\Documents\Outlook Files
    2014-09-15 21:09 - 2012-04-22 20:24 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Files
    2014-09-15 21:00 - 2014-09-15 21:00 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\hnnhhmec.sys
    2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-09-15 20:59 - 2013-07-02 18:28 - 00004996 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC
    2014-09-15 20:49 - 2014-09-15 20:46 - 11194928 _____ (SurfRight B.V.) C:\Users\Jonesboy\Downloads\HitmanPro_x64.exe
    2014-09-15 20:43 - 2014-05-25 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-15 20:43 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-15 20:43 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-15 20:41 - 2014-09-14 08:29 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
    2014-09-15 20:39 - 2014-05-18 12:32 - 01415212 _____ () C:\windows\WindowsUpdate.log
    2014-09-15 20:38 - 2014-06-13 13:55 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\ViberPC
    2014-09-15 20:37 - 2012-07-28 18:09 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Deployment
    2014-09-15 20:36 - 2014-06-13 13:40 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Viber
    2014-09-15 20:36 - 2012-04-02 21:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-09-15 20:35 - 2013-01-22 11:01 - 00000354 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    2014-09-15 20:35 - 2013-01-10 18:25 - 00000342 _____ () C:\windows\Tasks\spmonitor.job
    2014-09-15 20:35 - 2013-01-10 18:25 - 00000264 _____ () C:\windows\Tasks\SpeedUpMyPC.job
    2014-09-15 20:35 - 2012-02-15 21:17 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-15 20:35 - 2012-02-15 21:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-15 20:33 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000056 _____ () C:\windows\setupact.log
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
    2014-09-15 19:55 - 2012-02-22 14:09 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-09-15 19:55 - 2011-03-16 04:31 - 00000000 ____D () C:\ProgramData\Temp
    2014-09-15 19:53 - 2012-11-22 09:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-15 19:48 - 2012-02-22 17:45 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\PhotoScape
    2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
    2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-09-15 19:15 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
    2014-09-15 19:14 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files\Common Files\PicRec
    2014-09-15 19:03 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files (x86)\Acro Software
    2014-09-15 18:56 - 2012-06-19 17:53 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Skype
    2014-09-15 18:46 - 2012-02-15 00:12 - 00002038 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
    2014-09-15 18:45 - 2012-07-07 17:13 - 00002038 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-15 18:45 - 2012-02-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
    2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
    2014-09-15 15:32 - 2014-09-15 15:32 - 00000000 ____D () C:\ProgramData\Browser
    2014-09-15 12:07 - 2012-08-10 15:22 - 00000000 ____D () C:\Program Files (x86)\Hubb Investor
    2014-09-15 11:33 - 2012-07-07 21:50 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-09-14 08:42 - 2014-09-14 08:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
    2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
    2014-09-14 08:32 - 2014-09-14 08:31 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup (1).exe
    2014-09-14 08:30 - 2014-09-14 08:30 - 03608126 _____ (Word-Pdf-Convert Software, Inc. ) C:\Users\Jonesboy\Downloads\power_word_to_pdf_converter.exe
    2014-09-14 08:29 - 2014-09-14 08:29 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jonesboy\Downloads\CuteWriter.exe
    2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
    2014-09-14 08:27 - 2014-09-14 08:27 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup.exe
    2014-09-13 22:10 - 2012-02-23 20:36 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\vlc
    2014-09-13 21:39 - 2012-02-19 08:58 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Anti Virus
    2014-09-13 21:23 - 2012-03-04 23:33 - 00001999 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    2014-09-13 20:49 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
    2014-09-13 18:20 - 2014-03-29 00:37 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Tax Docs
    2014-09-13 18:14 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Systweak
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
    2014-09-13 17:22 - 2014-08-18 18:54 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe
    2014-09-11 19:14 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
    2014-09-10 19:36 - 2012-04-02 21:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-09-10 19:36 - 2012-04-02 21:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-10 19:36 - 2012-03-05 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-10 16:58 - 2012-02-19 08:56 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Adobe
    2014-09-10 15:51 - 2013-07-15 18:18 - 00000000 ____D () C:\windows\system32\MRT
    2014-09-10 15:44 - 2012-02-15 16:56 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-09-10 15:42 - 2014-04-24 19:45 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-09-08 22:15 - 2012-10-18 22:44 - 00000000 ____D () C:\Users\Jonesboy\Downloads\YTD
    2014-09-08 18:41 - 2012-08-10 10:38 - 00000000 ___RD () C:\Users\Jonesboy\SkyDrive
    2014-09-08 15:25 - 2009-07-14 15:13 - 00006620 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-09-05 12:10 - 2014-09-10 15:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-09-05 12:05 - 2014-09-10 15:40 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-09-04 09:14 - 2012-06-19 17:53 - 00000000 ____D () C:\ProgramData\Skype
    2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-09-04 09:13 - 2012-06-19 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-08-31 21:51 - 2014-03-28 23:44 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Pt Cook
    2014-08-29 12:54 - 2009-07-14 14:45 - 00437128 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-08-29 10:29 - 2014-06-22 00:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-08-27 11:55 - 2012-02-22 17:38 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-25 12:14 - 2014-09-14 08:30 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
    2014-08-23 22:20 - 2013-10-18 01:15 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2014-08-23 22:20 - 2013-10-18 01:15 - 00000000 ____D () C:\Program Files\Java
    2014-08-23 22:16 - 2012-03-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-23 22:14 - 2013-10-01 20:16 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-23 12:07 - 2014-08-29 12:38 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-23 11:45 - 2014-08-29 12:38 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-23 10:59 - 2014-08-29 12:38 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 01:50 - 2012-02-15 21:03 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Apple
    2014-08-20 22:02 - 2012-03-05 09:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Windows Live
    2014-08-20 04:05 - 2014-09-10 15:54 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-08-20 03:39 - 2014-09-10 15:54 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-08-19 22:03 - 2014-01-26 21:30 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Run Swim Ride
    2014-08-19 09:01 - 2014-09-10 15:54 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-08-19 08:29 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-08-19 08:29 - 2014-09-10 15:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-08-19 08:26 - 2014-09-10 15:53 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-08-19 08:20 - 2014-09-10 15:53 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-08-19 08:19 - 2014-09-10 15:53 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-08-19 08:15 - 2014-09-10 15:54 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-08-19 08:15 - 2014-09-10 15:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-08-19 08:14 - 2014-09-10 15:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-08-19 08:14 - 2014-09-10 15:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-08-19 08:08 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-08-19 08:08 - 2014-09-10 15:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-08-19 08:08 - 2014-09-10 15:53 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-08-19 08:05 - 2014-09-10 15:54 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-08-19 08:03 - 2014-09-10 15:54 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-08-19 08:03 - 2014-09-10 15:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-08-19 08:03 - 2014-09-10 15:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-08-19 07:57 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-08-19 07:56 - 2014-09-10 15:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-08-19 07:51 - 2014-09-10 15:54 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-08-19 07:46 - 2014-09-10 15:54 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-08-19 07:45 - 2014-09-10 15:54 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-19 07:45 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-08-19 07:44 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-08-19 07:44 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-08-19 07:42 - 2014-09-10 15:53 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-08-19 07:40 - 2014-09-10 15:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-08-19 07:38 - 2014-09-10 15:54 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-08-19 07:37 - 2014-09-10 15:54 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-08-19 07:36 - 2014-09-10 15:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-08-19 07:35 - 2014-09-10 15:54 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-08-19 07:27 - 2014-09-10 15:54 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-08-19 07:25 - 2014-09-10 15:54 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-08-19 07:25 - 2014-09-10 15:54 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-08-19 07:23 - 2014-09-10 15:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-08-19 07:23 - 2014-09-10 15:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-08-19 07:22 - 2014-09-10 15:54 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-19 07:19 - 2014-09-10 15:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-08-19 07:17 - 2014-09-10 15:54 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-08-19 07:17 - 2014-09-10 15:54 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-08-19 07:16 - 2014-09-10 15:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-08-19 07:15 - 2014-09-10 15:53 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-08-19 07:15 - 2014-09-10 15:53 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-08-19 07:09 - 2014-09-10 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-08-19 07:08 - 2014-09-10 15:53 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-08-19 07:07 - 2014-09-10 15:54 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-08-19 06:55 - 2014-09-10 15:53 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-08-19 06:46 - 2014-09-10 15:53 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-08-19 06:38 - 2014-09-10 15:54 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-08-19 06:38 - 2014-09-10 15:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-08-19 06:36 - 2014-09-10 15:54 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-08-18 00:39 - 2014-07-12 18:14 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Go Pro

    Files to move or delete:
    ====================
    C:\ProgramData\Setup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-07 22:57

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
    Ran by Jonesboy at 2014-09-15 21:27:37
    Running from C:\Users\Jonesboy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
    Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{26D103BC-A153-B74C-CA98-8F0A66EF6041}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    AX88772A & AX88772 Vista 64-bit Driver (HKLM-x32\...\InstallShield_{663451CD-7556-46FF-9EDA-45A50AEA658C}) (Version: 3.10.234.13 - ASIX Electronics Corporation)
    AX88772A & AX88772 Vista 64-bit Driver (x32 Version: 3.10.234.13 - ASIX Electronics Corporation) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
    Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
    Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
    Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
    Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
    Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.3.1 - Canon Inc.)
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
    Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.0.2603 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisplayLink Core Software (HKLM\...\{A0A51EB5-5C6C-4588-816A-D6990B79F298}) (Version: 7.2.47157.0 - DisplayLink Corp.)
    DisplayLink Graphics (HKLM\...\{B76E347A-DFF5-4CD7-88D5-7F947BC75D41}) (Version: 7.0.43577.0 - DisplayLink Corp.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
    dynadock Utility_II (HKLM\...\{F6D91449-5BB1-4F5D-9565-CA1E7EB961CD}) (Version: 2.1.1.0.64 - TOSHIBA Corporation)
    Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.2.2 - Lenovo)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Full DVD Ripper 9 Free (HKLM-x32\...\{DA5931FD-7F75-49CA-A405-85D230DE29D8}_is1) (Version: - Full DVD Studio)
    Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
    Hubb Investor (HKLM-x32\...\Hubb Investor) (Version: - )
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
    Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
    Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.6 - )
    Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2400 - Broadcom Corporation)
    Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
    Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
    Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.4 - Suyin Optronics Corp.)
    Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
    Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
    Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
    Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
    Lenovo SplitScreen (HKLM-x32\...\Lenovo SplitScreen) (Version: 1.00.1823.0001 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
    More Add-in (HKLM-x32\...\{F522CEC8-CBF8-4733-9344-563D322E25E1}) (Version: 4.2.0 - MoreAddin)
    Moveslink2 (HKCU\...\ad9740b1426036fe) (Version: 1.2.9.4693 - Suunto)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.6 - Lenovo)
    Onekey Theater (x32 Version: 2.0.2.6 - Lenovo) Hidden
    Optus Mobile Broadband (HKLM-x32\...\Optus Mobile Broadband) (Version: 16.002.10.01.432 - Huawei Technologies Co.,Ltd)
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.24 - NCH Software)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.6903 - CyberLink Corp.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
    ReconUplink (HKLM-x32\...\{D2EBF10F-4746-4994-BF85-5964ED9AB9A5}) (Version: 1.0.2.1 - Recon Instruments)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Star Downloader Free (HKLM-x32\...\Star Downloader Free) (Version: - )
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.53 - Synaptics Incorporated)
    TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    TOSHIBA dynadock (HKLM\...\{3933FB5F-85F6-4D24-A663-0D376CA05D90}) (Version: 4.5.14974.0 - TOSHIBA Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version: - )
    Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
    Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    02-09-2014 00:12:31 Windows Update
    07-09-2014 11:21:30 Windows Update
    08-09-2014 11:11:51 Installed Samsung Kies3
    10-09-2014 05:42:19 Windows Update
    14-09-2014 07:02:39 Windows Update
    15-09-2014 08:46:31 Removed PicRec (x86)
    15-09-2014 08:48:21 Removed PicRec (x86)
    15-09-2014 09:28:01 Revo Uninstaller's restore point - InstaShare
    15-09-2014 09:49:20 Revo Uninstaller's restore point - Bing Desktop
    15-09-2014 11:13:34 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2014-09-15 21:08 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0E565558-BC0D-4DA0-AD83-1F6E717DAC64} - System32\Tasks\{8653835D-03A1-4CC8-909A-285E036CB7AD} => Chrome.exe http://www.skype.com/go/downloading?...mp;LastError=0
    Task: {24A6AB29-40C9-40A1-8FEE-389792A623C4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {2E2818CD-D83C-47C2-BEFE-6DBFACC268ED} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
    Task: {2EBD4A33-07B1-41EC-A28F-79ED90CB1848} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
    Task: {345CC3E1-A5D3-4F6F-A4A4-70BC03338845} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
    Task: {3CA9C9C8-8A3E-4BA5-B121-B596EE02C559} - System32\Tasks\{4D9FBE05-3A90-4892-A19A-CEF2CED8137F} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {453218D4-6179-4C01-8C1B-4AFF7774811E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
    Task: {49399536-52DB-486E-AF9C-41E909330979} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
    Task: {4D20A384-F7F7-4028-B7D5-D4FA2C72242B} - System32\Tasks\{4109FCE8-B55C-4BD3-9B73-CD0BF3B4C7D6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {5F3EBEE2-5768-4836-8667-DD87DA02646B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {615899FB-6231-44E4-8883-FC4FD8B31CBB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {672D6D2C-0BA4-4A6C-8EE2-018289B8602C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
    Task: {68D0EB38-394E-4C96-B903-575D24E114AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
    Task: {6A1803A4-EB8A-49F3-A864-F35B32CD8201} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {7D96CFB1-CBDA-49E0-801C-58D922F2F1DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {7DBB66B2-B6BC-4792-9D06-49441D499C16} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {7E7B4D0B-B2EC-4AE4-AE60-4196E6847FD4} - System32\Tasks\{5C69CC98-2842-4857-B783-164F24FC0344} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
    Task: {9760B92A-420C-48CA-B7B9-54074AE48896} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {9E1E0B6F-CE97-4D06-9DE1-FBA233A528C3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
    Task: {A5CA1764-E513-408D-A3E4-F93809AE8189} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AE2A720F-EE38-4928-82F0-852934809CB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
    Task: {BC042629-8A25-4F0F-BD78-CBC955EDC851} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {C85C4CA9-A503-4158-88E9-0D58220FF9A8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {F89B0AAF-30A9-477D-AE3A-E08EAA057CED} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    Task: {FEAFB85C-231B-4DFF-B67B-28050E562C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\BCK1 7 July 2013.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
    Task: C:\windows\Tasks\BCK2 13 07 13.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: C:\windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
    Task: C:\windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-22 00:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2010-08-19 18:52 - 2010-08-19 18:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
    2010-10-19 00:50 - 2010-10-19 00:50 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
    2010-10-19 00:52 - 2010-10-19 00:52 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
    2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-03-16 10:43 - 2012-03-31 23:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
    2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
    2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
    2011-03-16 04:28 - 2011-03-16 04:28 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    2014-06-13 13:55 - 2014-06-10 14:25 - 00936656 _____ () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
    2012-03-04 09:58 - 2008-05-20 20:18 - 00221184 _____ () C:\windows\system\Cm106eye.exe
    2010-08-26 23:47 - 2010-08-26 23:47 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-07-28 06:25 - 2010-07-28 06:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-09-15 20:36 - 2014-09-15 20:36 - 01389936 _____ () C:\ProgramData\myXaturuft\dat\cHmAzL.dll
    2014-06-14 13:50 - 2006-02-25 19:02 - 01785344 _____ () C:\Program Files (x86)\Star Downloader\stardown.exe
    2014-07-04 18:20 - 2014-07-04 18:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-15 11:33 - 2014-09-15 11:33 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
    2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-04 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-04 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-04 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-04 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-07-04 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2010-10-19 00:46 - 2010-10-19 00:46 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
    2010-10-19 00:49 - 2010-10-19 00:49 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 22593536 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libViber.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00737280 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libGLESv2.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00098304 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\qfacebook.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00049152 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libEGL.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00860160 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\platforms\qwindows.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qgif.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qico.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00204800 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qjpeg.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00221184 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qmng.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qsvg.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtga.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00311296 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtiff.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qwbmp.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00622592 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\sqldrivers\qsqlite.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00032768 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\iconengines\qsvgicon.dll
    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    2014-09-04 09:12 - 2014-09-04 09:12 - 07248384 _____ () C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\BLLWrapper.DLL
    2012-03-04 09:58 - 2006-09-13 15:08 - 00491520 _____ () C:\windows\system\CmAu106.dll
    2014-07-04 18:20 - 2014-07-04 18:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-06-22 00:32 - 2014-06-22 00:32 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2012-09-24 13:19 - 2011-05-27 10:17 - 01372160 ____N () C:\Program Files (x86)\Infotriever\Agent\ifboutlook.dll
    2014-08-27 10:44 - 2014-08-27 10:47 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2014-06-14 13:50 - 2006-02-26 17:44 - 00135680 _____ () C:\Program Files (x86)\Star Downloader\SDIEInt.dll
    2014-09-15 20:36 - 2014-09-15 20:36 - 01186160 _____ () C:\ProgramData\myXaturuft\dat\czsVqsmU.dll
    2014-06-14 13:50 - 2004-02-18 02:05 - 00133632 _____ () C:\Program Files (x86)\Star Downloader\SDIE55Int.dll
    2014-06-14 13:50 - 2004-02-04 22:53 - 00139264 _____ () C:\Program Files (x86)\Star Downloader\NSHelper.dll
    2014-06-14 13:50 - 2004-02-04 22:53 - 00032768 _____ () C:\Program Files (x86)\Star Downloader\SDExt.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Place.lnk => C:\windows\pss\My Place.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: Moveslink2 => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    MSCONFIG\startupreg: ooVoo.exe => C:\program files (x86)\oovoo\oovoo.exe /minimized
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: SkyDrive => "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    MSCONFIG\startupreg: TosDockApp => C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
    MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
    MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    MSCONFIG\startupreg: Viber => "C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe" StartMinimized
    MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: NetGroup Packet Filter Driver
    Description: NetGroup Packet Filter Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: npf
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/15/2014 08:36:28 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/15/2014 07:39:24 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/15/2014 07:36:58 PM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    Error: (09/15/2014 07:21:18 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/15/2014 06:57:36 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/15/2014 06:47:14 PM) (Source: MsiInstaller) (EventID: 11001) (User: Jonesboy-PC)
    Description: Product: PicRec (x86) -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> You canceled uninstallation(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

    Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

    Error: (09/15/2014 11:29:24 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/14/2014 07:20:20 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.


    System errors:
    =============
    Error: (09/15/2014 08:37:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (09/15/2014 08:36:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The SQL Server (MSSMLBIZ) service terminated with service-specific error %%3414.

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (09/15/2014 08:36:28 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/15/2014 07:39:24 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/15/2014 07:36:58 PM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    Error: (09/15/2014 07:21:18 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/15/2014 06:57:36 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/15/2014 06:47:14 PM) (Source: MsiInstaller) (EventID: 11001) (User: Jonesboy-PC)
    Description: Product: PicRec (x86) -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> You canceled uninstallation(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

    Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

    Error: (09/15/2014 11:29:24 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/14/2014 07:20:20 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-15 20:37:19.315
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 20:37:18.745
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 20:37:02.088
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 20:36:59.049
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:39:15.511
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:39:15.187
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:38:50.531
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:38:49.772
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:21:22.096
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-15 19:21:20.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 46%
    Total physical RAM: 8172.58 MB
    Available physical RAM: 4387.63 MB
    Total Pagefile: 16343.34 MB
    Available Pagefile: 11812.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive b: () (RAMDisk) (Total:653 GB) (Free:56.16 GB) NTFS
    Drive c: () (Fixed) (Total:653 GB) (Free:55.33 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:28.52 GB) NTFS
    Drive e: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2140.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5EE4C6C4)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ==================== End Of Log ============================

    Finally got the aswMBR log. attached.

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-15 22:03:20
    -----------------------------
    22:03:20.698 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:03:20.698 Number of processors: 8 586 0x2A07
    22:03:20.699 ComputerName: JONESBOY-PC UserName: Jonesboy
    22:03:22.375 Initialize success
    22:03:22.376 VM: initialized successfully
    22:03:22.392 VM: Intel CPU supported
    22:03:24.327 VM: supported disk I/O iaStor.sys
    22:03:27.182 AVAST engine defs: 14091401
    22:03:32.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:03:32.529 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
    22:03:32.777 Disk 0 MBR read successfully
    22:03:32.781 Disk 0 MBR scan
    22:03:32.784 Disk 0 Windows 7 default MBR code
    22:03:32.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
    22:03:32.813 Disk 0 default boot code
    22:03:32.818 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 668670 MB offset 411648
    22:03:32.822 Disk 0 Partition - 00 0F Extended LBA 31425 MB offset 1369847808
    22:03:32.859 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
    22:03:32.923 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 31424 MB offset 1369849856
    22:03:33.189 Disk 0 scanning C:\windows\system32\drivers
    22:03:51.859 Service scanning
    22:04:21.789 Modules scanning
    22:04:21.805 Disk 0 trace - called modules:
    22:04:21.835 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:04:21.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c6c790]
    22:04:21.860 3 CLASSPNP.SYS[fffff88000dbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800765c050]
    22:04:23.599 AVAST engine scan C:\windows
    22:04:30.055 AVAST engine scan C:\windows\system32
    22:08:25.063 AVAST engine scan C:\windows\system32\drivers
    22:08:43.897 AVAST engine scan C:\Users\Jonesboy
    22:45:56.956 AVAST engine scan C:\ProgramData
    22:55:26.997 Scan finished successfully
    22:57:45.747 Disk 0 MBR has been saved successfully to "C:\Users\Jonesboy\Desktop\MBR.dat"
    22:57:45.752 The log file has been saved successfully to "C:\Users\Jonesboy\Desktop\aswMBR 1.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Lets run a few scans and tools

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisment.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================


    Then open Malwarebytes, check for updates and run the Threat scan , here are instructions in case you removed it


    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Sep 2014
    Posts
    31

    Default

    3 logs below. Thanks for the help.



    # AdwCleaner v3.310 - Report created 16/09/2014 at 08:42:58
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Jonesboy - JONESBOY-PC
    # Running from : C:\Users\Jonesboy\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\ProgramData\Browser
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Users\Jonesboy\AppData\Local\apn
    Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\DownLite
    Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\GrabPro
    Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
    File Deleted : C:\END
    File Deleted : C:\Users\Jonesboy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
    File Deleted : C:\Users\Jonesboy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
    File Deleted : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : SpeedUpMyPC
    Task Deleted : spmonitor

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avast-uninstall-utility_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avast-uninstall-utility_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Myfree Codec
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v

    -\\ Google Chrome v37.0.2062.120

    [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
    Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
    Deleted [Extension] : hfimfliilbabfohebppnfomgjljicpdm
    Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
    Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
    Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
    Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
    Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

    [ File : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={6C0558D9-CC86-41A6-8388-73A988C2FCFA}&mid=655d9f02c9f14561b20850110a262a31-7517f13cfd7680160233733b6e2ba585a6f035f4&lang=en&ds=pl011&pr=sa&d=2012-07-14 21:55:09&v=12.2.5.32&sap=dsp&q={searchTerms}
    Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
    Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
    Deleted [Extension] : hfimfliilbabfohebppnfomgjljicpdm

    *************************

    AdwCleaner[R0].txt - [10851 octets] - [16/09/2014 08:38:38]
    AdwCleaner[S0].txt - [10812 octets] - [16/09/2014 08:42:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10873 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Jonesboy on Tue 16/09/2014 at 8:59:25.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601747211-198960775-3737481478-1001\Software\wajam
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244624476}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244624476}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244624476}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244624476}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASMANCS



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
    Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{0F83C0D1-6819-453F-AA75-7C4FD9500118}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{26C9608B-BC5D-4216-8AEA-21A78F8BF8E3}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{290B8B57-98AA-4AA5-A1A4-C255B89D69E6}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{3AD7A380-4FD4-4331-BE22-520E6FAEFF62}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{3F94F9F8-71EF-497E-BAAC-4DDED31A8CCB}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{42EF28CD-8959-4F87-8AE2-9EE39EB2B9F2}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{597F929F-4A68-483D-8BC0-29DD5EBACB20}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{719AA97E-1D6C-4EC3-B241-CB8DCC1A86AA}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{7D3AC051-9AA9-4909-8877-85DFF8E94785}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{87898BA0-0BBA-4D41-A191-9D7EE19CB8BE}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{8BBD3764-8099-4B36-85FF-A84B3EBE97B8}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{94248547-A1DB-480B-92C3-471DD911C839}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{9EDE0484-900C-4338-954C-178EDAFB6829}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{A0C416E6-E734-4D32-93FD-5D36A8D49B56}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{B38CF3DD-ADC5-4040-B69D-5D8B9CAB0DD9}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{CCBE715B-87ED-4B72-8D37-E67FCE4EA25E}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{EA49EFBC-D8DE-4ADD-B9F6-872FCB761F5B}
    Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{F25738DB-9761-4308-AF1C-0C1461B5944A}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 16/09/2014 at 9:08:14.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Hope this is the right log from
    Malwarebytes

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2014/09/16 09:12:49 +1000</date>
    <logfile>mbam-log-2014-09-16 (09-12-46).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.09.15.12</malware-database>
    <rootkit-database>v2014.09.15.01</rootkit-database>
    <license>premium</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Jonesboy</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>361592</objects>
    <time>791</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>2</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <file><path>C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>delete-on-reboot</action><hash>2cc68469225982b4d7682af13bc83bc5</hash></file>
    <file><path>C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>fcf6608d7308b77f93ac0b1029da7d83</hash></file>
    </items>
    </mbam-log>

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Funny Malwarebytes log , but it looks like if found a few things and removed them

    Go ahead and run a new scan with FRST, be sure to check Additions and post both logs please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Sep 2014
    Posts
    31

    Default Better Malwarbytes log - I think.

    I think this is a better malwarbytes log. I will run FRST again and post logs shortly.
    Thanks

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 16/09/2014
    Scan Time: 9:42:57 AM
    Logfile: malwarbytes 2014 09 16 01.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.15.12
    Rootkit Database: v2014.09.15.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jonesboy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 361650
    Time Elapsed: 15 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [faf8638a8fec181e9bcd6d1d49b97b85],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [bc36f6f76615b18541fe70ab9d665da3],
    PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [d31f05e8245768ce4bf4b16ad72c0000],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Thanks, been a loooooooong day, be back in the am
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Sep 2014
    Posts
    31

    Default FRST logs for your return. Thanks

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
    Ran by Jonesboy (administrator) on JONESBOY-PC on 16-09-2014 11:50:36
    Running from C:\Users\Jonesboy\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\ProgramData\DatacardService\DCService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Interesting Solutions) C:\ProgramData\myXaturuft\ZGtfxyv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Suunto) C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\Moveslink2.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Windows\system\cm106eye.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Interesting Solutions) C:\ProgramData\myXaturuft\dat\LRtGyBDdr.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-03-16] (Lenovo)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-24] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-09-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
    HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
    HKLM-x32\...\Run: [Lenovo SplitScreen] => C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe [778592 2010-06-23] (Lenovo)
    HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Moveslink2] => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Viber] => C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe [936656 2014-06-10] ()
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efb99-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efbab-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {dfefbe99-e45d-11e1-bbcb-ec55f9ebde21} - E:\AutoRun.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {ff38db40-789b-11e1-aaf9-ec55f9ebde21} - E:\win\setup.exe -phs
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    SearchScopes: HKCU - {175023C8-9E2B-4397-A1BB-D91BB93ABDAD} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: No Name -> {FFFFFEF0-5B30-21D4-945D-000000000000} -> C:\Program Files (x86)\Star Downloader\SDIEInt.dll ()
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///F:/activeX/DCP.cab
    DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///F:/activeX/aplugLiteDL.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: [NameServer] 198.142.0.51 61.88.88.88
    Tcpip\..\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: [NameServer] 198.142.0.51 61.88.88.88

    FireFox:
    ========
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: reconinstruments.com/Recon -> C:\Users\Jonesboy\AppData\Roaming\ReconInstruments\ReconUplink\1.0.2.1\npReconUplink.dll (Recon Instruments)
    FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-04]
    FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-04]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> FB2353EF818E000C9EC1B1DDDF8F147F6788363B76B7D4A4E3563D81BDDA2FD4
    CHR DefaultSearchURL: Default -> 3A93E825D69222AF67266526206B5617EC1F7F2100BD65E5D18A6E7AD7FEA498
    CHR Profile: C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
    CHR Extension: (Google Drive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-02]
    CHR Extension: (Google Search) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-02]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-24]
    CHR Extension: (Skype Click to Call) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-03]
    CHR Extension: (OneDrive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-08]
    CHR Extension: (Google Wallet) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
    CHR Extension: (Desktop Client for Viber™) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-06-13]
    CHR Extension: (Gmail) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-06-14] (Broadcom Corporation.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
    R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8988048 2013-04-03] (DisplayLink Corp.)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
    S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
    R2 ZGtfxyv; C:\ProgramData\myXaturuft\ZGtfxyv.exe [2319728 2014-09-14] (Interesting Solutions)
    S2 HPSLPSVC; C:\Users\Jonesboy\AppData\Local\Temp\7zS51CF\hpslpsvc64.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
    R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
    R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [44944 2013-04-10] ()
    S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
    S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
    R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-06] (JMicron Technology Corp.)
    R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57072 2010-04-24] (JMicron Technology Corp.)
    R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31344 2010-04-24] (JMicron Technology Corp.)
    S3 massfilter_lte; C:\windows\system32\drivers\massfilter_lte.sys [18456 2011-08-09] (HandSet Incorporated)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated) [File not signed]
    S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.) [File not signed]
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.) [File not signed]
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
    S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
    U2 IAStorDataMgrSvc; No ImagePath
    U3 IGRS; No ImagePath
    U2 IviRegMgr; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]
    U2 ReadyComm.DirectRouter; No ImagePath
    U2 RichVideo; No ImagePath
    S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-16 11:25 - 2014-09-16 11:25 - 00001585 _____ () C:\Users\Jonesboy\Desktop\malwarbytes 2014 09 16 01.txt
    2014-09-16 09:08 - 2014-09-16 09:08 - 00004269 _____ () C:\Users\Jonesboy\Desktop\JRT.txt
    2014-09-16 08:59 - 2014-09-16 08:59 - 00000000 ____D () C:\windows\ERUNT
    2014-09-16 08:55 - 2014-09-16 08:56 - 01016261 _____ (Thisisu) C:\Users\Jonesboy\Desktop\JRT.exe
    2014-09-16 08:53 - 2014-09-16 08:53 - 00011042 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner[S0].txt
    2014-09-16 08:50 - 2014-09-16 08:50 - 00000000 ____D () C:\ProgramData\Browser
    2014-09-16 08:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
    2014-09-16 08:38 - 2014-09-16 08:43 - 00000000 ____D () C:\AdwCleaner
    2014-09-16 08:35 - 2014-09-16 08:35 - 01373475 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner.exe
    2014-09-16 08:19 - 2014-09-16 11:31 - 00002630 _____ () C:\windows\PFRO.log
    2014-09-15 22:57 - 2014-09-15 22:57 - 00002298 _____ () C:\Users\Jonesboy\Desktop\aswMBR 1.txt
    2014-09-15 22:01 - 2014-09-15 22:57 - 00000512 _____ () C:\Users\Jonesboy\Desktop\MBR.dat
    2014-09-15 22:01 - 2014-09-15 22:01 - 00002202 _____ () C:\Users\Jonesboy\Desktop\aswMBR.txt
    2014-09-15 21:27 - 2014-09-15 21:28 - 00059656 _____ () C:\Users\Jonesboy\Desktop\Addition.txt
    2014-09-15 21:26 - 2014-09-16 11:50 - 00034202 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
    2014-09-15 21:25 - 2014-09-16 11:50 - 00000000 ____D () C:\FRST
    2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-15 20:59 - 2014-09-15 21:14 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-15 20:32 - 2014-09-16 11:32 - 00000280 _____ () C:\windows\setupact.log
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
    2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
    2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
    2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
    2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
    2014-09-14 08:41 - 2014-09-14 08:42 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
    2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
    2014-09-14 08:30 - 2014-09-15 19:14 - 00000000 ____D () C:\Program Files\Common Files\PicRec
    2014-09-14 08:30 - 2014-09-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Acro Software
    2014-09-14 08:30 - 2014-08-25 12:14 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
    2014-09-14 08:29 - 2014-09-16 08:35 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
    2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
    2014-09-10 15:54 - 2014-08-20 04:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-09-10 15:54 - 2014-08-20 03:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-09-10 15:54 - 2014-08-19 09:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-09-10 15:54 - 2014-08-19 08:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-09-10 15:54 - 2014-08-19 08:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-09-10 15:54 - 2014-08-19 08:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-09-10 15:54 - 2014-08-19 08:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-09-10 15:54 - 2014-08-19 08:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-09-10 15:54 - 2014-08-19 08:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-09-10 15:54 - 2014-08-19 08:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-09-10 15:54 - 2014-08-19 08:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-09-10 15:54 - 2014-08-19 08:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-09-10 15:54 - 2014-08-19 08:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-09-10 15:54 - 2014-08-19 08:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-09-10 15:54 - 2014-08-19 08:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-09-10 15:54 - 2014-08-19 07:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-09-10 15:54 - 2014-08-19 07:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-09-10 15:54 - 2014-08-19 07:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-09-10 15:54 - 2014-08-19 07:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-09-10 15:54 - 2014-08-19 07:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-09-10 15:54 - 2014-08-19 07:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-09-10 15:54 - 2014-08-19 07:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-09-10 15:54 - 2014-08-19 07:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-09-10 15:54 - 2014-08-19 07:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-09-10 15:54 - 2014-08-19 07:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-09-10 15:54 - 2014-08-19 07:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-09-10 15:54 - 2014-08-19 07:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-09-10 15:54 - 2014-08-19 07:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-09-10 15:54 - 2014-08-19 07:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-09-10 15:54 - 2014-08-19 07:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-09-10 15:54 - 2014-08-19 07:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-09-10 15:54 - 2014-08-19 07:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-09-10 15:54 - 2014-08-19 07:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-09-10 15:54 - 2014-08-19 07:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-10 15:54 - 2014-08-19 07:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-09-10 15:54 - 2014-08-19 07:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-09-10 15:54 - 2014-08-19 07:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-09-10 15:54 - 2014-08-19 07:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-09-10 15:54 - 2014-08-19 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-09-10 15:54 - 2014-08-19 06:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-09-10 15:54 - 2014-08-19 06:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-09-10 15:53 - 2014-08-19 08:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-09-10 15:53 - 2014-08-19 08:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-09-10 15:53 - 2014-08-19 08:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-09-10 15:53 - 2014-08-19 08:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-09-10 15:53 - 2014-08-19 07:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-09-10 15:53 - 2014-08-19 07:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-09-10 15:53 - 2014-08-19 07:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-09-10 15:53 - 2014-08-19 07:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-09-10 15:53 - 2014-08-19 07:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-09-10 15:53 - 2014-08-19 07:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-09-10 15:53 - 2014-08-19 06:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-09-10 15:53 - 2014-08-19 06:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-09-10 15:53 - 2014-08-19 06:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-09-10 15:43 - 2014-06-27 12:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
    2014-09-10 15:43 - 2014-06-27 11:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
    2014-09-10 15:41 - 2014-08-01 21:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
    2014-09-10 15:41 - 2014-08-01 21:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
    2014-09-10 15:41 - 2014-07-07 12:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-09-10 15:41 - 2014-07-07 12:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-09-10 15:41 - 2014-07-07 11:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-09-10 15:41 - 2014-07-07 11:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-09-10 15:41 - 2014-07-07 11:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-09-10 15:41 - 2014-06-24 13:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-09-10 15:41 - 2014-06-24 12:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-09-10 15:40 - 2014-09-05 12:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-09-10 15:40 - 2014-09-05 12:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-08-29 12:38 - 2014-08-23 12:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-29 12:38 - 2014-08-23 11:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-29 12:38 - 2014-08-23 10:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 01:54 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-08-22 01:54 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-08-22 01:54 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-08-22 01:54 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-08-22 01:53 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-08-22 01:53 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-08-22 01:53 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-08-22 01:53 - 2014-05-14 12:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-08-22 01:53 - 2014-05-14 12:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-08-22 01:53 - 2014-05-14 12:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-08-22 01:53 - 2014-05-14 12:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-08-18 18:54 - 2014-09-13 17:22 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-16 11:50 - 2014-09-15 21:26 - 00034202 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
    2014-09-16 11:50 - 2014-09-15 21:25 - 00000000 ____D () C:\FRST
    2014-09-16 11:47 - 2014-06-13 13:55 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\ViberPC
    2014-09-16 11:47 - 2013-07-02 18:28 - 00004998 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC
    2014-09-16 11:47 - 2012-07-28 18:09 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Deployment
    2014-09-16 11:46 - 2014-06-13 13:40 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Viber
    2014-09-16 11:46 - 2014-05-25 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-16 11:46 - 2013-01-22 11:01 - 00000354 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    2014-09-16 11:46 - 2012-02-15 21:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-16 11:42 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-16 11:42 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-16 11:39 - 2014-05-18 12:32 - 01465087 _____ () C:\windows\WindowsUpdate.log
    2014-09-16 11:36 - 2012-04-02 21:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-09-16 11:35 - 2012-02-15 21:17 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-16 11:32 - 2014-09-15 20:32 - 00000280 _____ () C:\windows\setupact.log
    2014-09-16 11:32 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-09-16 11:31 - 2014-09-16 08:19 - 00002630 _____ () C:\windows\PFRO.log
    2014-09-16 11:25 - 2014-09-16 11:25 - 00001585 _____ () C:\Users\Jonesboy\Desktop\malwarbytes 2014 09 16 01.txt
    2014-09-16 09:35 - 2012-06-19 17:53 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Skype
    2014-09-16 09:08 - 2014-09-16 09:08 - 00004269 _____ () C:\Users\Jonesboy\Desktop\JRT.txt
    2014-09-16 08:59 - 2014-09-16 08:59 - 00000000 ____D () C:\windows\ERUNT
    2014-09-16 08:56 - 2014-09-16 08:55 - 01016261 _____ (Thisisu) C:\Users\Jonesboy\Desktop\JRT.exe
    2014-09-16 08:53 - 2014-09-16 08:53 - 00011042 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner[S0].txt
    2014-09-16 08:50 - 2014-09-16 08:50 - 00000000 ____D () C:\ProgramData\Browser
    2014-09-16 08:43 - 2014-09-16 08:38 - 00000000 ____D () C:\AdwCleaner
    2014-09-16 08:35 - 2014-09-16 08:35 - 01373475 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner.exe
    2014-09-16 08:35 - 2014-09-14 08:29 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
    2014-09-15 23:11 - 2012-02-27 00:51 - 00000000 ____D () C:\Users\Jonesboy\Documents\Outlook Files
    2014-09-15 22:57 - 2014-09-15 22:57 - 00002298 _____ () C:\Users\Jonesboy\Desktop\aswMBR 1.txt
    2014-09-15 22:57 - 2014-09-15 22:01 - 00000512 _____ () C:\Users\Jonesboy\Desktop\MBR.dat
    2014-09-15 22:01 - 2014-09-15 22:01 - 00002202 _____ () C:\Users\Jonesboy\Desktop\aswMBR.txt
    2014-09-15 21:28 - 2014-09-15 21:27 - 00059656 _____ () C:\Users\Jonesboy\Desktop\Addition.txt
    2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
    2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-15 21:14 - 2014-09-15 20:59 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-15 21:09 - 2012-04-22 20:24 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Files
    2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
    2014-09-15 19:55 - 2012-02-22 14:09 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-09-15 19:55 - 2011-03-16 04:31 - 00000000 ____D () C:\ProgramData\Temp
    2014-09-15 19:53 - 2012-11-22 09:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-15 19:48 - 2012-02-22 17:45 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\PhotoScape
    2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
    2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-09-15 19:15 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
    2014-09-15 19:14 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files\Common Files\PicRec
    2014-09-15 19:03 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files (x86)\Acro Software
    2014-09-15 18:46 - 2012-02-15 00:12 - 00002038 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
    2014-09-15 18:45 - 2012-07-07 17:13 - 00002038 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-15 18:45 - 2012-02-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
    2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
    2014-09-15 12:07 - 2012-08-10 15:22 - 00000000 ____D () C:\Program Files (x86)\Hubb Investor
    2014-09-15 11:33 - 2012-07-07 21:50 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-09-14 08:42 - 2014-09-14 08:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
    2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
    2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
    2014-09-13 22:10 - 2012-02-23 20:36 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\vlc
    2014-09-13 21:39 - 2012-02-19 08:58 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Anti Virus
    2014-09-13 21:23 - 2012-03-04 23:33 - 00001999 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    2014-09-13 20:49 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
    2014-09-13 18:20 - 2014-03-29 00:37 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Tax Docs
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
    2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
    2014-09-13 17:22 - 2014-08-18 18:54 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe
    2014-09-11 19:14 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
    2014-09-10 19:36 - 2012-04-02 21:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-09-10 19:36 - 2012-04-02 21:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-10 19:36 - 2012-03-05 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-10 16:58 - 2012-02-19 08:56 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Adobe
    2014-09-10 15:51 - 2013-07-15 18:18 - 00000000 ____D () C:\windows\system32\MRT
    2014-09-10 15:44 - 2012-02-15 16:56 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-09-10 15:42 - 2014-04-24 19:45 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-09-08 22:15 - 2012-10-18 22:44 - 00000000 ____D () C:\Users\Jonesboy\Downloads\YTD
    2014-09-08 18:41 - 2012-08-10 10:38 - 00000000 ___RD () C:\Users\Jonesboy\SkyDrive
    2014-09-08 15:25 - 2009-07-14 15:13 - 00006620 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-09-05 12:10 - 2014-09-10 15:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-09-05 12:05 - 2014-09-10 15:40 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-09-04 09:14 - 2012-06-19 17:53 - 00000000 ____D () C:\ProgramData\Skype
    2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-09-04 09:13 - 2012-06-19 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-08-31 21:51 - 2014-03-28 23:44 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Pt Cook
    2014-08-29 12:54 - 2009-07-14 14:45 - 00437128 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-08-29 10:29 - 2014-06-22 00:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-08-27 11:55 - 2012-02-22 17:38 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-25 12:14 - 2014-09-14 08:30 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
    2014-08-23 22:20 - 2013-10-18 01:15 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2014-08-23 22:20 - 2013-10-18 01:15 - 00000000 ____D () C:\Program Files\Java
    2014-08-23 22:16 - 2012-03-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-23 22:14 - 2013-10-01 20:16 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-23 12:07 - 2014-08-29 12:38 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-23 11:45 - 2014-08-29 12:38 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-23 10:59 - 2014-08-29 12:38 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 01:50 - 2012-02-15 21:03 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Apple
    2014-08-20 22:02 - 2012-03-05 09:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Windows Live
    2014-08-20 04:05 - 2014-09-10 15:54 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-08-20 03:39 - 2014-09-10 15:54 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-08-19 22:03 - 2014-01-26 21:30 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Run Swim Ride
    2014-08-19 09:01 - 2014-09-10 15:54 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-08-19 08:29 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-08-19 08:29 - 2014-09-10 15:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-08-19 08:26 - 2014-09-10 15:53 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-08-19 08:20 - 2014-09-10 15:53 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-08-19 08:19 - 2014-09-10 15:53 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-08-19 08:15 - 2014-09-10 15:54 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-08-19 08:15 - 2014-09-10 15:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-08-19 08:14 - 2014-09-10 15:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-08-19 08:14 - 2014-09-10 15:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-08-19 08:08 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-08-19 08:08 - 2014-09-10 15:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-08-19 08:08 - 2014-09-10 15:53 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-08-19 08:05 - 2014-09-10 15:54 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-08-19 08:03 - 2014-09-10 15:54 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-08-19 08:03 - 2014-09-10 15:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-08-19 08:03 - 2014-09-10 15:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-08-19 07:57 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-08-19 07:56 - 2014-09-10 15:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-08-19 07:51 - 2014-09-10 15:54 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-08-19 07:46 - 2014-09-10 15:54 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-08-19 07:45 - 2014-09-10 15:54 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-19 07:45 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-08-19 07:44 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-08-19 07:44 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-08-19 07:42 - 2014-09-10 15:53 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-08-19 07:40 - 2014-09-10 15:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-08-19 07:39 - 2014-09-10 15:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-08-19 07:38 - 2014-09-10 15:54 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-08-19 07:37 - 2014-09-10 15:54 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-08-19 07:36 - 2014-09-10 15:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-08-19 07:35 - 2014-09-10 15:54 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-08-19 07:27 - 2014-09-10 15:54 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-08-19 07:25 - 2014-09-10 15:54 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-08-19 07:25 - 2014-09-10 15:54 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-08-19 07:23 - 2014-09-10 15:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-08-19 07:23 - 2014-09-10 15:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-08-19 07:22 - 2014-09-10 15:54 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-19 07:19 - 2014-09-10 15:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-08-19 07:17 - 2014-09-10 15:54 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-08-19 07:17 - 2014-09-10 15:54 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-08-19 07:16 - 2014-09-10 15:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-08-19 07:15 - 2014-09-10 15:53 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-08-19 07:15 - 2014-09-10 15:53 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-08-19 07:09 - 2014-09-10 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-08-19 07:08 - 2014-09-10 15:53 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-08-19 07:07 - 2014-09-10 15:54 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-08-19 06:55 - 2014-09-10 15:53 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-08-19 06:46 - 2014-09-10 15:53 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-08-19 06:38 - 2014-09-10 15:54 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-08-19 06:38 - 2014-09-10 15:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-08-19 06:36 - 2014-09-10 15:54 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-08-18 00:39 - 2014-07-12 18:14 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Go Pro

    Files to move or delete:
    ====================
    C:\ProgramData\Setup.exe


    Some content of TEMP:
    ====================
    C:\Users\Jonesboy\AppData\Local\Temp\HitmanPro.exe
    C:\Users\Jonesboy\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 10:13

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
    Ran by Jonesboy at 2014-09-16 11:51:13
    Running from C:\Users\Jonesboy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
    Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{26D103BC-A153-B74C-CA98-8F0A66EF6041}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    AX88772A & AX88772 Vista 64-bit Driver (HKLM-x32\...\InstallShield_{663451CD-7556-46FF-9EDA-45A50AEA658C}) (Version: 3.10.234.13 - ASIX Electronics Corporation)
    AX88772A & AX88772 Vista 64-bit Driver (x32 Version: 3.10.234.13 - ASIX Electronics Corporation) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
    Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
    Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
    Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
    Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
    Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.3.1 - Canon Inc.)
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
    Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
    ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.0.2603 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisplayLink Core Software (HKLM\...\{A0A51EB5-5C6C-4588-816A-D6990B79F298}) (Version: 7.2.47157.0 - DisplayLink Corp.)
    DisplayLink Graphics (HKLM\...\{B76E347A-DFF5-4CD7-88D5-7F947BC75D41}) (Version: 7.0.43577.0 - DisplayLink Corp.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
    dynadock Utility_II (HKLM\...\{F6D91449-5BB1-4F5D-9565-CA1E7EB961CD}) (Version: 2.1.1.0.64 - TOSHIBA Corporation)
    Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.2.2 - Lenovo)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Full DVD Ripper 9 Free (HKLM-x32\...\{DA5931FD-7F75-49CA-A405-85D230DE29D8}_is1) (Version: - Full DVD Studio)
    Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
    Hubb Investor (HKLM-x32\...\Hubb Investor) (Version: - )
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
    Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
    Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.6 - )
    Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2400 - Broadcom Corporation)
    Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
    Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
    Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.4 - Suyin Optronics Corp.)
    Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
    Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
    Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
    Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
    Lenovo SplitScreen (HKLM-x32\...\Lenovo SplitScreen) (Version: 1.00.1823.0001 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
    More Add-in (HKLM-x32\...\{F522CEC8-CBF8-4733-9344-563D322E25E1}) (Version: 4.2.0 - MoreAddin)
    Moveslink2 (HKCU\...\ad9740b1426036fe) (Version: 1.2.9.4693 - Suunto)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.6 - Lenovo)
    Onekey Theater (x32 Version: 2.0.2.6 - Lenovo) Hidden
    Optus Mobile Broadband (HKLM-x32\...\Optus Mobile Broadband) (Version: 16.002.10.01.432 - Huawei Technologies Co.,Ltd)
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.24 - NCH Software)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.6903 - CyberLink Corp.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
    ReconUplink (HKLM-x32\...\{D2EBF10F-4746-4994-BF85-5964ED9AB9A5}) (Version: 1.0.2.1 - Recon Instruments)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Star Downloader Free (HKLM-x32\...\Star Downloader Free) (Version: - )
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.53 - Synaptics Incorporated)
    TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    TOSHIBA dynadock (HKLM\...\{3933FB5F-85F6-4D24-A663-0D376CA05D90}) (Version: 4.5.14974.0 - TOSHIBA Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version: - )
    Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
    Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    02-09-2014 00:12:31 Windows Update
    07-09-2014 11:21:30 Windows Update
    08-09-2014 11:11:51 Installed Samsung Kies3
    10-09-2014 05:42:19 Windows Update
    14-09-2014 07:02:39 Windows Update
    15-09-2014 08:46:31 Removed PicRec (x86)
    15-09-2014 08:48:21 Removed PicRec (x86)
    15-09-2014 09:28:01 Revo Uninstaller's restore point - InstaShare
    15-09-2014 09:49:20 Revo Uninstaller's restore point - Bing Desktop
    15-09-2014 11:13:34 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2014-09-15 21:08 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0E565558-BC0D-4DA0-AD83-1F6E717DAC64} - System32\Tasks\{8653835D-03A1-4CC8-909A-285E036CB7AD} => Chrome.exe http://www.skype.com/go/downloading?...mp;LastError=0
    Task: {24A6AB29-40C9-40A1-8FEE-389792A623C4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {2EBD4A33-07B1-41EC-A28F-79ED90CB1848} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
    Task: {345CC3E1-A5D3-4F6F-A4A4-70BC03338845} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
    Task: {3CA9C9C8-8A3E-4BA5-B121-B596EE02C559} - System32\Tasks\{4D9FBE05-3A90-4892-A19A-CEF2CED8137F} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {453218D4-6179-4C01-8C1B-4AFF7774811E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
    Task: {49399536-52DB-486E-AF9C-41E909330979} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
    Task: {4D20A384-F7F7-4028-B7D5-D4FA2C72242B} - System32\Tasks\{4109FCE8-B55C-4BD3-9B73-CD0BF3B4C7D6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {5F3EBEE2-5768-4836-8667-DD87DA02646B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {615899FB-6231-44E4-8883-FC4FD8B31CBB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {672D6D2C-0BA4-4A6C-8EE2-018289B8602C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
    Task: {68D0EB38-394E-4C96-B903-575D24E114AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
    Task: {6A1803A4-EB8A-49F3-A864-F35B32CD8201} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {7D96CFB1-CBDA-49E0-801C-58D922F2F1DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {7DBB66B2-B6BC-4792-9D06-49441D499C16} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {7E7B4D0B-B2EC-4AE4-AE60-4196E6847FD4} - System32\Tasks\{5C69CC98-2842-4857-B783-164F24FC0344} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
    Task: {9760B92A-420C-48CA-B7B9-54074AE48896} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {9E1E0B6F-CE97-4D06-9DE1-FBA233A528C3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
    Task: {A5CA1764-E513-408D-A3E4-F93809AE8189} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AE2A720F-EE38-4928-82F0-852934809CB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
    Task: {BC042629-8A25-4F0F-BD78-CBC955EDC851} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {C85C4CA9-A503-4158-88E9-0D58220FF9A8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {FEAFB85C-231B-4DFF-B67B-28050E562C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\BCK1 7 July 2013.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
    Task: C:\windows\Tasks\BCK2 13 07 13.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-22 00:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2010-08-19 18:52 - 2010-08-19 18:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
    2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-10-19 00:50 - 2010-10-19 00:50 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
    2010-10-19 00:52 - 2010-10-19 00:52 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
    2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
    2011-03-16 04:28 - 2011-03-16 04:28 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
    2014-06-13 13:55 - 2014-06-10 14:25 - 00936656 _____ () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
    2012-03-04 09:58 - 2008-05-20 20:18 - 00221184 _____ () C:\windows\system\Cm106eye.exe
    2010-08-26 23:47 - 2010-08-26 23:47 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-07-28 06:25 - 2010-07-28 06:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-07-04 18:20 - 2014-07-04 18:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-16 08:23 - 2014-09-16 08:23 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091501\algo.dll
    2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-04 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-04 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-04 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-04 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-07-04 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2010-10-19 00:46 - 2010-10-19 00:46 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
    2010-10-19 00:49 - 2010-10-19 00:49 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
    2014-09-16 11:46 - 2014-09-16 11:46 - 01186160 _____ () C:\ProgramData\myXaturuft\dat\RyCHUlOsx.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 22593536 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libViber.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00737280 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libGLESv2.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00098304 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\qfacebook.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00049152 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libEGL.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00860160 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\platforms\qwindows.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qgif.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qico.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00204800 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qjpeg.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00221184 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qmng.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qsvg.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtga.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00311296 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtiff.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qwbmp.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00622592 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\sqldrivers\qsqlite.dll
    2014-08-01 09:56 - 2014-08-01 09:56 - 00032768 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\iconengines\qsvgicon.dll
    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    2014-09-13 16:37 - 2014-09-04 13:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
    2014-09-13 16:37 - 2014-09-04 13:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
    2014-09-04 09:12 - 2014-09-04 09:12 - 07248384 _____ () C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\BLLWrapper.DLL
    2014-09-13 16:37 - 2014-09-04 13:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
    2014-09-13 16:37 - 2014-09-04 13:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
    2014-09-13 16:37 - 2014-09-04 13:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
    2012-03-04 09:58 - 2006-09-13 15:08 - 00491520 _____ () C:\windows\system\CmAu106.dll
    2014-07-04 18:20 - 2014-07-04 18:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-06-22 00:32 - 2014-06-22 00:32 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-09-13 16:37 - 2014-09-04 13:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Place.lnk => C:\windows\pss\My Place.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: Moveslink2 => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    MSCONFIG\startupreg: ooVoo.exe => C:\program files (x86)\oovoo\oovoo.exe /minimized
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: SkyDrive => "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    MSCONFIG\startupreg: TosDockApp => C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
    MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
    MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    MSCONFIG\startupreg: Viber => "C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe" StartMinimized
    MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: NetGroup Packet Filter Driver
    Description: NetGroup Packet Filter Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: npf
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/16/2014 11:37:04 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/16/2014 11:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x537d973e
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x8f0
    Faulting application start time: 0xFreemakeUtilsService.exe0
    Faulting application path: FreemakeUtilsService.exe1
    Faulting module path: FreemakeUtilsService.exe2
    Report Id: FreemakeUtilsService.exe3

    Error: (09/16/2014 11:34:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Runtime.InteropServices.COMException
    Stack:
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
    at System.Management.ManagementScope.InitializeGuts(System.Object)
    at System.Management.ManagementScope.Initialize()
    at System.Management.ManagementObjectSearcher.Initialize()
    at System.Management.ManagementObjectSearcher.Get()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetLoggedOnUsersList()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CollectInformation()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (09/16/2014 09:33:34 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/16/2014 09:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0x1f40
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3


    System errors:
    =============
    Error: (09/16/2014 11:37:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (09/16/2014 11:37:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The SQL Server (MSSMLBIZ) service terminated with service-specific error %%3414.

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2

    Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (09/16/2014 11:37:04 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/16/2014 11:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: FreemakeUtilsService.exe1.0.0.0537d973eKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d8f001cfd14e2e9c22ffC:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\windows\syswow64\KERNELBASE.dllb1702ed7-3d41-11e4-801b-001c7e554ab6

    Error: (09/16/2014 11:34:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Runtime.InteropServices.COMException
    Stack:
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
    at System.Management.ManagementScope.InitializeGuts(System.Object)
    at System.Management.ManagementScope.Initialize()
    at System.Management.ManagementObjectSearcher.Initialize()
    at System.Management.ManagementObjectSearcher.Get()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetLoggedOnUsersList()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CollectInformation()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (09/16/2014 09:33:34 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
    Description: (88:224:1)model

    Error: (09/16/2014 09:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe37.0.2062.1205407bf0entdll.dll6.1.7601.18247521ea8e7c0000374000ce7531f4001cfd13a0b8e82f9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\SysWOW64\ntdll.dll4e2d2f36-3d2e-11e4-bf4a-001c7e554ab6


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-16 11:47:08.220
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 11:47:07.842
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 11:46:57.773
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 11:46:57.292
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 09:35:28.974
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 09:35:28.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 09:34:59.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 09:34:58.950
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 08:53:23.187
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-16 08:53:22.779
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8172.58 MB
    Available physical RAM: 5081.93 MB
    Total Pagefile: 16343.34 MB
    Available Pagefile: 12518.08 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:653 GB) (Free:54.4 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:28.52 GB) NTFS
    Drive e: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2140.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5EE4C6C4)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ==================== End Of Log ============================

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

    Code:
    Start
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Hosts:
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    How is your system behaving now, still getting pop ups from Instashare ??
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Sep 2014
    Posts
    31

    Default Instashare is still there.

    No change. Instashare pop ups still there. Thanks


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
    Ran by Jonesboy at 2014-09-17 00:16:08 Run:1
    Running from C:\Users\Jonesboy\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Hosts:
    EmptyTemp:
    End
    *****************

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 413.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, not seeing it on your logs and also I dont see it in Programs and Features to uninstall it

    What browsers are the pops on , all three, IE, Firefox and Chrome ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •