Solved vmhost and costmin 2.2 reinstall after removal

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
All these programs isolate/quarantine/remove the following file: Programdata\updatetask\vmhost.exe. However, it always gets reloaded. The same with costmin - this program is not in my computer's program list, yet it will not stay off my Chrome extensions. Other extensions are Google Docs and User Agent Switcher.
 

TwinHeadedEagle

Hello,


Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload a File button which you can use to attach your reports. Attach all reports.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
 

Sheri Evenson

Thanks for the response. The test is below. Also, 'WinXpert' from this community has started a new conversation with me, requesting a copy of the vmhost.exe file. There was no 'upload a file' on that conversation, should I attach it here?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by sheri at 2014-07-12 07:01:06
Running from C:\Users\sheri\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Basic + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6502 - HRB Technology, LLC.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Home Plan Pro version 5.2.25.14 (HKLM-x32\...\{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1) (Version: - Home Plan Software)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung CLX-4190 Series (HKLM-x32\...\Samsung CLX-4190 Series) (Version: 1.07 (1/7/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.04.21 (12/10/2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.84.01(12/11/2012) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.06.34 (9/4/2012) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.05 (7/10/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.20.03 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Tax Forms Helper 2012 10.5 (HKLM-x32\...\Tax Forms Helper 2012_is1) (Version: - )
Tax Forms Helper 2013 11.0 (HKLM-x32\...\Tax Forms Helper 2013_is1) (Version: - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VIP Stitch Artist (HKLM-x32\...\{05CDEA78-F955-4128-A0FB-1094A6A2C20E}) (Version: 1.00.0000 - Emnet Software Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points =========================

09-07-2014 00:44:17 Revo Uninstaller Pro's restore point - costmin
09-07-2014 11:46:48 Revo Uninstaller Pro's restore point - Ask Toolbar
09-07-2014 12:08:54 Revo Uninstaller Pro's restore point - SaveOn
09-07-2014 12:52:25 Revo Uninstaller Pro's restore point - Ask Toolbar
09-07-2014 12:55:02 Windows Update
10-07-2014 15:52:48 Revo Uninstaller Pro's restore point - Google Chrome
10-07-2014 16:04:37 Revo Uninstaller Pro's restore point - Dropbox
10-07-2014 16:11:32 Revo Uninstaller Pro's restore point - Java 7 Update 60
10-07-2014 16:12:28 Removed Java 7 Update 60
10-07-2014 17:17:59 Revo Uninstaller Pro's restore point - chrome
11-07-2014 00:41:25 Checkpoint by HitmanPro
11-07-2014 00:42:51 Checkpoint by HitmanPro

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011E4EB5-09B8-4E8B-9A57-DA91A3D848CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0206B888-5641-4DD7-BA50-35E55326B3C9} - \FF Watcher {5C3AEA23-296F-4F46-83CB-DBDD6624E8D7} No Task File <==== ATTENTION
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {185509F3-CB76-41F6-8DF0-C0E45C7F862F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {20E12FE9-7F70-4E65-AA9B-3C025BB11DA1} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4082C7C1-D7FF-49F7-99D9-EE0C1D0BEEC2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {4E23EB63-0643-4058-AE7D-1B163AA5824E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {4FF79F63-6651-4148-9502-906B6287070D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {90FD8397-C43F-4ED4-8CEF-2EBE01ABE240} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {9F827025-5EA0-4775-87A6-279E6FEB4EFF} - \Microsoft\Windows\Maintenance\Idle-Crawler Update No Task File <==== ATTENTION
Task: {A5A4189D-12F1-477D-B244-B5AA4B038969} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {A5F7A4D2-C94D-4782-BE72-D0A7F1CF66A2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {C58CE1B7-E231-429C-A7E1-242715EB6E5A} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {D0D9D433-01EF-4B68-8F4E-F6ED92C31B72} - System32\Tasks\pick up Jake
Task: {D2DCC199-992D-4BE5-A563-A63664BCF34C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {D85ED685-0662-41EE-8DE1-D1942B54B12C} - \Idle-Crawler Runner No Task File <==== ATTENTION
Task: {E9DCBAFA-3166-47EA-8770-62A7A73D578E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {EDE6218E-3677-4BAD-8AD0-2A6BEC959E0A} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {F93E3557-D301-4563-8EF3-CBE4FDB91804} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {FAC2409E-3B98-422B-91A2-DDDC52A1CCA6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {FCE38BCE-FF2C-4541-AE4A-F980729B6608} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-10 13:09 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-09 17:28 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-19 11:20 - 2012-02-09 06:28 - 00034304 _____ () C:\Windows\System32\ssy4clm.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-12 06:35 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-02-20 22:23 - 2012-02-20 22:23 - 00456704 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-02-20 22:23 - 2012-02-20 22:23 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2011-04-02 00:49 - 2010-09-17 04:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-02 00:49 - 2010-09-17 04:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2014-07-11 09:55 - 2014-07-12 06:28 - 00353792 _____ () C:\ProgramData\UpdateTask\vmhost.exe
2014-03-19 07:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00138752 _____ () D:\lotus\organize\ormprot.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00220160 _____ () D:\lotus\organize\ormutil.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00153088 _____ () D:\lotus\organize\ormmime.dll
2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-06-20 17:35 - 2013-06-20 17:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 07:29 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\sheri\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database (1136) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 9, PgnoRoot: 39) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (6672 => 6690, Catalog Database0).

Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338


System errors:
=============
Error: (07/12/2014 06:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (07/12/2014 06:19:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/12/2014 06:18:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 09:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (07/11/2014 09:46:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/11/2014 09:44:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 08:44:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (07/11/2014 08:44:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/11/2014 08:43:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 08:41:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database1136Catalog Database: -327939C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb667266906689

Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338


CodeIntegrity Errors:
===================================
Date: 2014-07-12 06:28:10.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-12 06:19:46.921
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 06:19:46.762
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 06:17:29.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 10:20:56.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:55:53.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:46:09.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 09:46:09.032
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 09:44:02.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:22:24.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 5922.21 MB
Available physical RAM: 3639.43 MB
Total Pagefile: 11842.61 MB
Available Pagefile: 9273.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:118.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:331.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=333 GB) - (Type=OF Extended)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by sheri (administrator) on SHERI-PC on 12-07-2014 06:59:19
Running from C:\Users\sheri\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lotus Development Corporation) D:\lotus\organize\easyclip.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lotus Development Corporation.) D:\lotus\smartctr\suitest.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(VM Host Corporation) C:\ProgramData\MediaDev\1404309117\mediadev.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1404331945\webdev.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [49008 2013-09-24] (CenturyLink Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\1\E_IATIEMA.EXE /FU "C:\Windows\TEMP\E_S71B7.tmp" /EF "HKCU"
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {9d95d695-d9ca-11e2-bce8-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {bfd27893-e413-11e3-8b84-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> D:\lotus\organize\easyclip.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
ShortcutTarget: Lotus QuickStart.lnk -> D:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
ShortcutTarget: Lotus SmartCenter.lnk -> D:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
ShortcutTarget: Lotus SuiteStart.lnk -> D:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Users\sheri\AppData\Roaming\Mozilla\Firefox\Profiles\lrmasvi1.default-1405036654838
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-02]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Catalina Savings Printer) - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Extension: (Google Docs) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]
CHR Extension: (Google Drive) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]
CHR Extension: (Search) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]
CHR Extension: (CostMin) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe [2014-07-02]
CHR Extension: (User Agent Switcher) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]
CHR Extension: (CostMin) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe\2.2 [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaappmhgaaggeoepicjahnbofmjacog] - C:\Users\sheri\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.15.4.0.crx [2014-07-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-10] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-10] (SurfRight B.V.)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1404309117\mediadev.exe [366952 2014-07-02] (VM Host Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [239616 2012-09-17] (Samsung Electronics Co., Ltd.) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WinDevSrv; C:\ProgramData\UpdateServer\1404331945\webdev.exe [389992 2014-07-02] (VM Host Corporation)
S2 29850aa3; "C:\Windows\system32\rundll32.exe" "c:\progra~2\so_boo~1\AssistantSvc.dll",service
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-10] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 06:59 - 2014-07-12 07:00 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt
2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe
2014-07-12 06:52 - 2014-07-12 06:59 - 00000000 ____D () C:\FRST
2014-07-12 06:52 - 2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe
2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe
2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) C:\Users\sheri\Downloads\ChromeSetup.exe
2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader
2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-10 20:15 - 2014-07-10 20:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-10 20:14 - 2014-07-10 20:15 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe
2014-07-10 20:13 - 2014-07-12 07:00 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-10 20:13 - 2014-07-11 06:24 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-10 20:13 - 2014-07-10 20:50 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-10 20:13 - 2014-07-10 20:50 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-10 20:13 - 2014-07-10 20:50 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hmpalert.exe
2014-07-10 10:32 - 2014-07-10 10:33 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe
2014-07-09 07:28 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:28 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:28 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:28 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:28 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:28 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:28 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 07:28 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:27 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:27 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:27 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:27 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:27 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:25 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:25 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:25 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 20:34 - 2014-07-10 11:47 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo Group
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-08 20:34 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls
2014-07-08 09:12 - 2014-07-08 09:16 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe
2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls
2014-07-06 10:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 10:48 - 2014-07-11 08:40 - 00000000 ____D () C:\AdwCleaner
2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe
2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt
2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe
2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe
2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 20:45 - 2014-07-12 06:30 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment
2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload
2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe
2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe
2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe
2014-07-03 12:27 - 2014-07-03 12:50 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-07-03 12:27 - 2014-07-03 12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe
2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe
2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-07-02 15:25 - 2014-07-11 08:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 15:25 - 2014-07-11 08:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 13:43 - 2014-07-02 13:44 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe
2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-02 09:46 - 2014-07-12 06:28 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk
2014-07-02 09:39 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler
2014-07-02 09:39 - 2014-07-09 08:09 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-02 09:39 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-02 09:37 - 2014-07-02 09:52 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-02 08:19 - 2014-07-02 15:56 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv
2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-06-20 13:41 - 2014-06-20 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 22:12 - 2014-07-02 11:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 16:40 - 2014-06-19 16:41 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties
2014-06-19 16:40 - 2014-06-19 16:41 - 00000000 ____D () C:\Users\Guest\Downloads\world
2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-ips.json
2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe
2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 07:09 - 2014-06-17 07:09 - 00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox
2014-06-17 07:08 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft
2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-06-17 07:02 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-06-17 07:02 - 2014-06-17 07:26 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Samsung
2014-06-17 07:02 - 2014-06-17 07:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ArcSoft
2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk
2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft
2014-06-17 07:01 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest
2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility
2014-06-17 07:01 - 2013-10-11 19:15 - 00002106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-06-17 07:01 - 2011-09-17 21:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-06-17 07:01 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-17 07:01 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys

==================== One Month Modified Files and Folders =======

2014-07-12 07:00 - 2014-07-12 06:59 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt
2014-07-12 07:00 - 2014-07-10 20:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-12 06:59 - 2014-07-12 06:52 - 00000000 ____D () C:\FRST
2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe
2014-07-12 06:52 - 2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe
2014-07-12 06:37 - 2013-10-11 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-12 06:30 - 2014-07-04 20:45 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment
2014-07-12 06:28 - 2014-07-02 09:46 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 06:25 - 2011-09-17 21:05 - 01538459 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 06:23 - 2012-07-15 23:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-12 06:18 - 2013-01-16 15:58 - 00000000 ____D () C:\Temp
2014-07-12 06:18 - 2012-07-14 07:07 - 00000000 ___HD () C:\ASUS.DAT
2014-07-12 06:18 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-12 06:17 - 2011-04-02 00:17 - 00795246 _____ () C:\Windows\PFRO.log
2014-07-12 06:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-12 06:17 - 2009-07-14 00:51 - 00177143 _____ () C:\Windows\setupact.log
2014-07-12 00:06 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 08:49 - 2014-07-02 15:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-11 08:48 - 2014-07-02 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 08:40 - 2014-07-06 10:48 - 00000000 ____D () C:\AdwCleaner
2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe
2014-07-11 06:24 - 2014-07-10 20:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-10 20:50 - 2014-07-10 20:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-10 20:50 - 2014-07-10 20:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-10 20:50 - 2014-07-10 20:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) C:\Users\sheri\Downloads\ChromeSetup.exe
2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 20:49 - 2011-04-02 00:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 20:46 - 2011-09-17 21:19 - 00001776 _____ () C:\Windows\system32\ServiceFilter.ini
2014-07-10 20:44 - 2014-07-10 20:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader
2014-07-10 20:43 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler
2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-10 20:15 - 2014-07-10 20:14 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hmpalert.exe
2014-07-10 19:30 - 2012-12-12 19:08 - 00735744 ___SH () C:\Users\sheri\Downloads\Thumbs.db
2014-07-10 19:24 - 2009-07-14 01:13 - 00820280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 16:00 - 2013-12-30 14:33 - 00000000 ____D () C:\Users\sheri\Documents\Outlook Files
2014-07-10 14:55 - 2012-09-10 13:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\CutePDF Writer
2014-07-10 11:47 - 2014-07-08 20:34 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-10 10:53 - 2012-09-07 15:28 - 00000000 ___RD () C:\Users\sheri\Dropbox
2014-07-10 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI
2014-07-10 10:33 - 2014-07-10 10:32 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe
2014-07-09 19:56 - 2013-09-19 11:50 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-07-09 09:15 - 2009-07-14 00:45 - 00468272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 09:12 - 2014-05-05 20:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:12 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 09:08 - 2014-01-14 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:02 - 2012-08-29 07:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 08:23 - 2012-07-15 23:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 08:23 - 2012-07-15 23:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 08:23 - 2012-07-15 23:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 08:09 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo Group
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls
2014-07-08 09:16 - 2014-07-08 09:12 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe
2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls
2014-07-07 11:22 - 2014-02-20 16:53 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\.minecraft
2014-07-07 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-07 07:22 - 2012-12-10 07:58 - 00629760 ___SH () C:\Users\sheri\Desktop\Thumbs.db
2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe
2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt
2014-07-06 10:31 - 2012-08-30 16:48 - 00000000 ____D () C:\Users\sheri\AppData\Local\CrashDumps
2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe
2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe
2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT
2014-07-05 14:23 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-05 10:24 - 2012-07-14 07:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-07-05 10:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-07-04 20:45 - 2012-12-09 17:05 - 00000000 ____D () C:\Users\sheri\AppData\Local\Apps\2.0
2014-07-04 10:00 - 2012-12-09 18:01 - 00000000 ____D () C:\Users\sheri\AppData\Local\Paint.NET
2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-07-04 09:55 - 2012-12-09 18:02 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-04 09:55 - 2012-12-09 18:02 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload
2014-07-04 07:50 - 2011-09-17 21:19 - 00002896 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe
2014-07-03 12:58 - 2012-08-23 17:33 - 00816570 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:27 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-07-03 12:50 - 2011-09-17 21:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe
2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe
2014-07-03 12:27 - 2014-07-03 12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe
2014-07-03 11:58 - 2012-12-10 10:46 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-03 08:08 - 2012-07-14 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-03 08:07 - 2012-12-10 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-02 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-02 20:13 - 2013-11-15 17:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe
2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-07-02 15:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-07-02 15:56 - 2014-07-02 08:19 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2012-10-07 10:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Malwarebytes
2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-02 15:02 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Free Download Manager
2014-07-02 15:01 - 2011-04-02 00:36 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 15:01 - 2011-04-02 00:36 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 13:44 - 2014-07-02 13:43 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe
2014-07-02 13:19 - 2012-11-19 19:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun
2014-07-02 12:10 - 2012-11-19 19:15 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Skype
2014-07-02 11:21 - 2014-06-19 22:12 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-02 10:23 - 2011-09-17 21:20 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 09:52 - 2014-07-02 09:37 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk
2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-02 09:39 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-02 09:39 - 2012-07-14 07:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\Google
2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-30 12:54 - 2013-11-02 08:48 - 00000000 ____D () C:\Users\sheri\Desktop\Recipes
2014-06-29 22:09 - 2014-07-09 07:28 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 07:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-06-22 06:55 - 2012-07-14 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 16:14 - 2014-07-09 07:28 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 07:27 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 13:42 - 2014-06-20 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 16:41 - 2014-06-19 16:40 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties
2014-06-19 16:41 - 2014-06-19 16:40 - 00000000 ____D () C:\Users\Guest\Downloads\world
2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-ips.json
2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe
2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-06-19 16:39 - 2014-06-17 07:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft
2014-06-18 21:39 - 2014-07-09 07:27 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 07:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 07:27 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 07:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 07:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:41 - 2014-07-09 07:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:32 - 2014-07-09 07:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 07:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 07:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 07:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 07:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 07:27 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 07:28 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 07:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 07:27 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 07:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 07:27 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 07:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 07:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 07:27 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 07:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 07:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 07:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 07:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 07:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 07:27 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:28 - 2014-07-09 07:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:27 - 2014-07-09 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 07:27 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 07:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 07:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 07:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 07:28 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 07:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 07:27 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 07:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 07:27 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 07:27 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 07:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 07:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 07:27 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 07:27 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 07:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 07:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 07:27 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 07:28 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 07:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 07:28 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 07:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 07:28 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage
2014-06-17 07:26 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Samsung
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 07:09 - 2014-06-17 07:09 - 00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox
2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-06-17 07:03 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ArcSoft
2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk
2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go
2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft
2014-06-17 07:02 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest
2014-06-17 07:02 - 2011-04-02 00:49 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Guest\AppData\Local\Temp\f.exe
C:\Users\Guest\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite21241.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite44912.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94343.dll
C:\Users\sheri\AppData\Local\Temp\APNSetup.exe
C:\Users\sheri\AppData\Local\Temp\cabex.dll
C:\Users\sheri\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhwqfm.dll
C:\Users\sheri\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\sheri\AppData\Local\Temp\Quarantine.exe
C:\Users\sheri\AppData\Local\Temp\unelevate.exe
C:\Users\sheri\AppData\Local\Temp\v-bates.exe
C:\Users\sheri\AppData\Local\Temp\VARemove.exe
C:\Users\sheri\AppData\Local\Temp\youtubeAccelerator_partnerobr_setup.exe
C:\Users\sheri\AppData\Local\Temp\_is1825.exe
C:\Users\sheri\AppData\Local\Temp\_is2407.exe
C:\Users\sheri\AppData\Local\Temp\_isA812.exe
C:\Users\sheri\AppData\Local\Temp\_isD4C.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 09:11

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):
- Catalina Savings Printer



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



Tell me, how is your computer now?
 

Attachments

  • fixlist.txt
    3 KB · Views: 89

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
I was so hopeful..... The Updatetask folder was gone. So I went online...and the costmin extension was gone. I could hear the videos. Then I got a popup from: www.immediate-support.com says: Warning! You have excessive popups. please call 1-855-412-1786. With that, the updatetask and vmhost are back on my program list, and VM file module is in the audio mixer. Costmin isn't showing. (you should see all the ads on this page). I'm also getting a 'cannot start application' notification on my desktop. I've pasted that log below.

PLATFORM VERSION INFO
Windows : 6.1.7601.65536 (Win32NT)
Common Language Runtime : 4.0.30319.18444
System.Deployment.dll : 4.0.30319.18408 built by: FX451RTMGREL
clr.dll : 4.0.30319.18444 built by: FX451RTMGDR
dfdll.dll : 4.0.30319.18408 built by: FX451RTMGREL
dfshim.dll : 4.0.41209.0 (Main.041209-0000)

SOURCES
Deployment url : http://ads.firstimpwins.com/creativ...SERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://ads.firstimpwins.com/creativ...SERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE resulted in exception. Following failure messages were detected:
+ Exception reading manifest from http://ads.firstimpwins.com/creativ...SERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE: the manifest may not be valid or the file could not be opened.
+ An error occurred while parsing EntityName. Line 1, position 43.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [7/12/2014 8:47:08 AM] : Activation of http://ads.firstimpwins.com/creativ...SERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE has started.

ERROR DETAILS
Following errors were detected during this operation.
* [7/12/2014 8:47:09 AM] System.Deployment.Application.InvalidDeploymentException (ManifestParse)
- Exception reading manifest from http://ads.firstimpwins.com/creativ...SERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE: the manifest may not be valid or the file could not be opened.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirectBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Xml.XmlException
- An error occurred while parsing EntityName. Line 1, position 43.
- Source: System.Xml
- Stack trace:
at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
at System.Xml.XmlTextReaderImpl.ParseEntityName()
at System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr)
at System.Xml.XmlTextReaderImpl.ParseAttributes()
at System.Xml.XmlTextReaderImpl.ParseElement()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlCharCheckingReader.Read()
at System.Xml.XsdValidatingReader.Read()
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
 

Attachments

  • Fixlog.txt
    9.5 KB · Views: 66

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
If it helps, the files downloaded on 7/2 at 9:39 may be when the malware was downloaded. If those are ok, then it was just prior to then.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    2.4 KB · Views: 83

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
Speakers seem to be ok - pop ups from 'Browseer Sshop' are still everywhere. Plus, I am getting a popup on any web page (including this one) saying updates are required. The latest is from www.homemovieshd.com. The only thing that can be done, without touching that box, is to use windows task manager to close chrome.
 

Attachments

  • Fixlog.txt
    4.8 KB · Views: 146

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
It is a new router. At some point on Thursday, the old one died and my provider switched it out. My theory is that all the background activity fried it. I was in the middle of the first round of scans when it died. Since I have no idea how to change the settings, it should still be factory defaults.
 

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
Router has been reset - still getting pop ups that state I need upgrades. These make me shut down Chrome thru task manager, as I can't switch tabs or get to Chrome's menu.
 

Sheri Evenson

New Member
Thread author
Jul 11, 2014
12
You had me uninstall Catalina Savings Printer, and I now see it is on my desktop. Was it loaded twice, or did it load itself again? Properties state it's an executable program.
 

Attachments

  • Addition.txt
    34.2 KB · Views: 127
  • FRST.txt
    69.8 KB · Views: 83

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
You can delete it. The PC seems clean; tell me how the situation is after one more fix.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    167 bytes · Views: 66
