Win32/Branstall.B - removal

[Lynne Haywood]

Spent a whole day using the seven processes suggested by MalwareTips to remove TrojanDownloader:Win32/Branstall.B
Then ran Microsoft Security Essentials which found it again.
This is probably because Branstall.B will have come in again via email in Windows Live Mail.
Mail arrives as false bank message, false parcel delivery message, false Paypal message etc
I do not open the mail.

NOTE: My laptop is Apple MacBook Pro but also has Windows 7 Professional on it and that is what I am using.

Can anything be done to stop the infected mail delivery?

 

[TwinHeadedEagle]

Hello,


Before we start please read and note the following:

Limit your internet access to posting here, some infections just wait to steal typed-in passwords.

Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.

Do not paste the logs in your posts, attachments make my work easier. There is a Upload a File button which you can use to attach your reports. Attach all reports.

Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.

Note that we may live in totally different time zones, what may cause some delays between answers.

Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 

[Lynne Haywood]

Thanks for your help. I do not have a business PC. I purchased Windows 7 Professional as I expected more features but that was years ago.

 

[TwinHeadedEagle]

No problem, proceed with my instructions

 

[Lynne Haywood]

FIRST TEXT
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Deepthought (administrator) on DEEPTHOUGHT-PC on 16-07-2014 21:00:13
Running from C:\Users\Deepthought\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Shanghai DS-Mobile Technology Co., Ltd.) C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Shanghai DS-Mobile Technology Co., Ltd.) C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.)
HKLM\...\Run: [EdgeModem-AutoRun] => C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe [86016 2010-03-21] (Shanghai DS-Mobile Technology Co., Ltd.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [Google Update] => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-11] (Google Inc.)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {0b9fe382-e078-11e0-9980-b9f5dbeac1b8} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {472e820d-ecef-11e0-9881-60fb427891ba} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {4e941606-901c-11df-8129-0026bb19f52f} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {4e94160c-901c-11df-8129-0026bb19f52f} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {519c4a63-0abc-11e1-9cfd-64b9e8c20a1e} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {5a365c4c-f9f3-11e0-b866-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {5a365c66-f9f3-11e0-b866-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {5d0c3348-a256-11df-a11c-0026bb19f52f} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {674568ac-0bbd-11e1-bb63-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {783e0e24-e755-11e0-9906-60fb427891ba} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {783e0e27-e755-11e0-9906-60fb427891ba} - H:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {7916d6a7-0506-11e1-970e-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {7ab5aa0f-f9f0-11e0-9922-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {b147d10c-0b5c-11e1-9cf6-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {b8099156-0bbe-11e1-ba99-8a5373bfbb4d} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {b8099159-0bbe-11e1-ba99-8a5373bfbb4d} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {bb06782e-d874-11e0-9f92-f9a15cfb5b88} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {ce8d1e6b-e082-11e0-9cf5-a4c418ff82b0} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {e0218f5a-a23e-11df-98cf-0026bb19f52f} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {eea2b1c6-ffeb-11e0-bb16-64b9e8c20a1e} - G:\AutoRun.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {f3cf1638-1326-11e2-af9d-60fb427891ba} - F:\Startme.exe
HKU\S-1-5-21-3687737911-3880605115-1145795470-1000\...\MountPoints2: {f41baf85-f2ff-11e0-b937-64b9e8c20a1e} - G:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Users\Deepthought\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL London Advent Calendar.lnk
ShortcutTarget: JL London Advent Calendar.lnk -> C:\Program Files\JL London Advent Calendar\JL London Advent Calendar.exe ()
Startup: C:\Users\Deepthought\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0D2F95E0707CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/resul...GyC0EyCzy0F0FyE0DyB0CyDyE2Q&cr=1958936325&ir=
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - {1C489B14-E13B-40F4-ABE4-3470A8BE9B19} URL = http://websearch.ask.com/redirect?c...pn_sauid=8AB166E5-3A93-4EEA-81C9-AD35D6EE3CF2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/resul...GyC0EyCzy0F0FyE0DyB0CyDyE2Q&cr=1958936325&ir=
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Deepthought\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Deepthought\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Deepthought\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Deepthought\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Deepthought\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Deepthought\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M514D51D8-2662-4897-BB77-D92EAFFA1BA2&SearchSource=55&CUI=&UM=6&UP=SP24CCD76C-1FA0-44A3-826C-0E119A9E4845&SSPV="
CHR Extension: (Google Docs) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]
CHR Extension: (Splendid) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]
CHR Extension: (Google Search) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]
CHR Extension: (Wowcher) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmninpjflmkicjdemjjgoncnaadfflh [2014-05-11]
CHR Extension: (Skype Click to Call) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (Blog This!) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk [2014-05-11]
CHR Extension: (Gmail) - C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]
CHR HKLM\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2014-05-09]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] ()
R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.)
R2 EdgeModem-DrvSrv; C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe [163840 2010-03-21] (Shanghai DS-Mobile Technology Co., Ltd.) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
R2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AppleBtBc; C:\Windows\System32\DRIVERS\AppleBtBc.sys [18944 2011-06-28] (Apple Inc.)
R0 AppleHFS; C:\Windows\system32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.)
R0 AppleMNT; C:\Windows\system32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.)
R3 CirrusFilter; C:\Windows\System32\DRIVERS\CS420x86.sys [14336 2010-10-14] (Cirrus Logic)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-07-15] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-15] ()
R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.)
R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl145d4348; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B58D824D-9214-463E-BC6A-DFEC47D15DD2}\MpKsl145d4348.sys [39464 2014-07-16] (Microsoft Corporation)
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-07-01] ()
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S1 utqhtnmu; \??\C:\Windows\system32\drivers\utqhtnmu.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 21:00 - 2014-07-16 21:02 - 00025114 _____ () C:\Users\Deepthought\Desktop\FRST.txt
2014-07-16 20:59 - 2014-07-16 21:00 - 00000000 ___DC () C:\FRST
2014-07-16 20:56 - 2014-07-16 20:58 - 01077248 _____ (Farbar) C:\Users\Deepthought\Desktop\FRST.exe
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{31B3CBAF-3860-4837-B99E-07DEF9A173C3}
2014-07-16 01:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-16 01:00 - 2014-07-16 01:01 - 01348263 _____ () C:\Users\Deepthought\Desktop\adwcleaner_3.215.exe
2014-07-15 23:02 - 2014-07-15 23:02 - 00000554 _____ () C:\Users\Deepthought\Desktop\Emsisoft Emergency Kit.lnk
2014-07-15 23:01 - 2014-07-15 23:02 - 00000000 ___DC () C:\EEK
2014-07-15 22:28 - 2014-07-15 22:40 - 217618512 _____ () C:\Users\Deepthought\Desktop\EmsisoftEmergencyKit.exe
2014-07-15 20:31 - 2014-07-15 20:31 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-07-15 20:29 - 2014-07-15 20:29 - 00011666 _____ () C:\Windows\system32\.crusader
2014-07-15 20:25 - 2014-07-15 20:26 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{1CC84C3F-5234-41E3-B877-79A928388AE4}
2014-07-15 18:01 - 2014-07-15 22:02 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-15 18:01 - 2014-07-15 20:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 17:40 - 2014-07-15 17:44 - 10278752 _____ (SurfRight B.V.) C:\Users\Deepthought\Desktop\HitmanPro.exe
2014-07-15 16:58 - 2014-07-15 16:58 - 04770904 _____ () C:\Users\Deepthought\Desktop\RogueKiller.exe
2014-07-15 16:58 - 2014-07-15 16:58 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 16:58 - 2014-07-15 16:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 16:42 - 2014-07-15 16:42 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{77A0E663-7497-4EB3-9F78-AAF3848852C1}
2014-07-15 15:56 - 2014-07-15 15:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 15:54 - 2014-07-15 15:54 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 15:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 15:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 15:54 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 15:51 - 2014-07-15 15:53 - 00000000 ____D () C:\Users\Deepthought\Desktop\PHONEpics
2014-07-15 15:46 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Deepthought\Desktop\MEETUP
2014-07-15 15:43 - 2014-07-15 15:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Deepthought\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-15 15:18 - 2014-07-15 15:21 - 00004106 _____ () C:\Users\Deepthought\Desktop\Rkill.txt
2014-07-15 15:17 - 2014-07-15 15:17 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Deepthought\Desktop\iExplore.exe
2014-07-15 09:32 - 2014-07-15 09:33 - 04161313 _____ () C:\Users\Deepthought\Desktop\tdsskiller.zip
2014-07-14 19:39 - 2014-07-14 19:39 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{6416ACD6-B9A2-4429-872D-32140E2F3BFF}
2014-07-14 10:31 - 2014-07-14 10:31 - 00026431 _____ () C:\Users\Deepthought\Desktop\BenKPJGCIAA0pQ0.jpg-large
2014-07-14 04:24 - 2014-07-14 04:24 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{35A40651-0B1C-47EE-BEE5-AAF34836014D}
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D35EEFE3-464C-41DC-9208-E6E63E7A061C}
2014-07-13 07:38 - 2014-07-13 07:38 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FB1D2D8B-9B56-49FA-9ECC-484AB1828572}
2014-07-11 23:11 - 2014-07-11 23:11 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{64A09E20-2241-49F2-B4CB-EE36E91BE3F9}
2014-07-11 11:09 - 2014-07-11 11:10 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{27D684E6-C595-4DEB-B127-8672F91B43EC}
2014-07-10 22:21 - 2014-07-10 22:22 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{EF7F3A1F-D49E-4305-9440-CACD70B4973B}
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{46083193-0907-45F5-8740-5E137371A465}
2014-07-09 12:50 - 2014-07-09 12:51 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CB307D25-1908-4450-823D-2C5E5DD78EBD}
2014-07-09 09:23 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:23 - 2014-06-18 01:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:22 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:22 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:22 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:22 - 2014-06-19 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:22 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:22 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:22 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:22 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:22 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:22 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:22 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:22 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:22 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:22 - 2014-06-19 00:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:22 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:22 - 2014-06-19 00:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:22 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:22 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:22 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:22 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:22 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:22 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:22 - 2014-06-18 23:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:22 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:22 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:22 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:22 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:22 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:22 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:22 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:21 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:21 - 2014-05-30 07:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:20 - 2014-06-05 15:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:50 - 2014-07-09 00:50 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{E97D9699-FD93-42D8-A0BA-D2197A121887}
2014-07-08 12:48 - 2014-07-08 12:49 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{16A04795-E2C9-46F2-A78D-7B2E6A9EF315}
2014-07-07 23:48 - 2014-07-07 23:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B964613C-EFEA-4D5E-B9C5-8E42917EFEB0}
2014-07-07 09:02 - 2014-07-07 09:03 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{EB8204C1-9A9F-4099-B541-904740D699E1}
2014-07-06 20:12 - 2014-07-06 20:12 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8A0B1C74-6C83-45DE-8709-58800D3E020D}
2014-07-06 07:27 - 2014-07-06 07:28 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{F23F1E6D-57FE-4793-B1BD-9D97067BA30E}
2014-07-05 15:41 - 2014-07-05 15:41 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D3440294-5D52-46CB-A7B4-AE9013D8AA35}
2014-07-04 21:24 - 2014-07-04 21:24 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{6F98FD79-1BEB-40F8-90ED-750C0248E870}
2014-07-04 20:57 - 2014-07-04 20:57 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FC840846-BBC9-488C-9539-C1271A027537}
2014-07-04 11:00 - 2014-07-04 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140704-110010.backup
2014-07-04 02:34 - 2014-07-04 02:34 - 00001005 _____ () C:\Users\Deepthought\Desktop\KMPlayer.lnk
2014-07-04 01:58 - 2014-07-04 01:58 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{513F9C20-8D99-4E79-9D43-861AD1F6C255}
2014-07-03 13:56 - 2014-07-03 13:56 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8B7BA651-3BC0-4775-A15C-565DF1FF3BF4}
2014-07-03 12:44 - 2014-07-03 12:51 - 00000000 ____D () C:\Users\Deepthought\Desktop\INDIA-FabricRoof
2014-07-03 01:55 - 2014-07-03 01:55 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B8500B17-BA60-4C4B-9C97-CCF7FF09E5BE}
2014-07-01 18:43 - 2006-10-29 13:47 - 80680414 _____ () C:\Users\Deepthought\Desktop\onegbstickdownload 372.avi
2014-07-01 18:43 - 2006-10-29 13:46 - 65434204 _____ () C:\Users\Deepthought\Desktop\onegbstickdownload 371.avi
2014-07-01 18:04 - 2014-07-15 15:51 - 00000000 ____D () C:\Users\Deepthought\Desktop\INDIA-MalabarCoveAREA
2014-07-01 09:26 - 2014-07-01 09:50 - 00000000 ____D () C:\Users\Deepthought\Desktop\New folder
2014-07-01 08:51 - 2014-07-01 08:52 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{01B29BEC-F855-4652-BEC2-50170D5CEB09}
2014-07-01 08:14 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Deepthought\Desktop\Ruby
2014-07-01 07:51 - 2014-07-01 01:06 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-075131.backup
2014-07-01 01:06 - 2014-07-01 01:00 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-010638.backup
2014-06-30 13:36 - 2014-06-30 13:36 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CEE202D4-29A3-4315-8BB0-C83871FC238F}
2014-06-29 10:20 - 2014-06-29 10:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CCB63173-E9CF-40E0-B6BE-29DC5BD00266}
2014-06-28 01:37 - 2014-06-28 01:38 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{A698F8D0-CEAB-4F0E-BBD6-43217ACEAAF1}
2014-06-27 10:34 - 2014-06-27 10:34 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{12A763A3-A038-4CB4-87EB-C9D114461427}
2014-06-26 11:16 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CB532378-AA6D-4325-88EE-2628F259CF79}
2014-06-25 10:38 - 2014-06-25 10:38 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{BB19FA91-21A6-4386-AC48-266875E6D252}
2014-06-24 21:26 - 2014-06-24 21:26 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8D038CA3-EAC5-4FAC-8975-61B50091F8A1}
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{4CCC6915-995B-40AB-A6C7-EB155F65C8BC}
2014-06-24 07:40 - 2014-06-24 07:40 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{975C687B-156F-4315-A763-F69FAD29F6E4}
2014-06-23 20:44 - 2014-07-16 20:49 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA1cf8f1b84915640.job
2014-06-23 20:44 - 2014-07-16 20:49 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core1cf8f1b8079ab20.job
2014-06-23 12:15 - 2014-06-23 12:15 - 00123544 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2014-06-23 10:50 - 2014-06-23 10:50 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FEA04448-B587-4194-82EA-EDD494E471AC}
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL
2014-06-23 10:47 - 2013-12-13 00:45 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\Trusteer
2014-06-23 10:47 - 2013-12-13 00:45 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\Trusteer
2014-06-23 10:47 - 2013-12-13 00:45 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\Trusteer
2014-06-23 10:47 - 2013-12-13 00:45 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\Trusteer
2014-06-23 10:47 - 2013-12-13 00:45 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\Trusteer
2014-06-23 02:00 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140623-020043.backup
2014-06-23 01:38 - 2014-07-04 02:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-23 01:38 - 2014-06-23 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-23 01:38 - 2014-06-23 01:38 - 00002143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-23 01:38 - 2014-06-23 01:38 - 00002131 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-23 01:38 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-23 01:36 - 2014-06-23 02:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-23 01:34 - 2014-06-23 01:34 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\Deepthought\Desktop\spybot2-license.exe
2014-06-22 22:20 - 2014-06-22 22:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{23B059E2-3329-473D-B955-20B74F8DB45C}
2014-06-22 10:18 - 2014-06-22 10:18 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{DD2ECD8C-7AE2-48CA-BB50-CB34F6FB093D}
2014-06-21 19:47 - 2014-06-21 19:47 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{56B89618-DF86-4CC0-BBF2-913245DCFD95}
2014-06-21 07:48 - 2014-06-21 07:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{36F1CC58-7B3F-49A6-9BAC-965C374511E1}
2014-06-20 19:47 - 2014-06-20 19:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{DDBA49F2-2322-479D-8F9C-515893E8A51D}
2014-06-20 05:03 - 2014-06-20 05:03 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{27FFA68F-8A24-458F-9639-A3E834846A6E}
2014-06-18 13:50 - 2014-06-18 15:27 - 00000000 ____D () C:\Users\Deepthought\Desktop\SeaBreeze-PHILIP
2014-06-18 11:35 - 2014-06-18 11:35 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{11769BB7-B731-4480-B2A9-D5E654165529}
2014-06-18 08:55 - 2014-07-16 20:47 - 00000000 ____D () C:\Users\Deepthought\Desktop\QUICKpics
2014-06-17 23:33 - 2014-06-17 23:33 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{300F6281-E828-46E1-9802-77B4EB28F76A}
2014-06-17 11:32 - 2014-06-17 11:32 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{5AF02409-6533-47F0-95B4-EA0D4C73EC34}
2014-06-16 23:31 - 2014-06-16 23:31 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D2462926-68E7-4492-91A4-A0F0498BBCAA}
2014-06-16 11:29 - 2014-06-16 11:29 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B0706808-988B-4925-B6EF-C0BEB6BA4DF0}
2014-06-16 10:35 - 2014-06-16 10:35 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8A7C9E06-8126-455B-ACB5-5CFF26C81071}

==================== One Month Modified Files and Folders =======

2014-07-16 21:02 - 2014-07-16 21:00 - 00025114 _____ () C:\Users\Deepthought\Desktop\FRST.txt
2014-07-16 21:00 - 2014-07-16 20:59 - 00000000 ___DC () C:\FRST
2014-07-16 20:58 - 2014-07-16 20:56 - 01077248 _____ (Farbar) C:\Users\Deepthought\Desktop\FRST.exe
2014-07-16 20:49 - 2014-06-23 20:44 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA1cf8f1b84915640.job
2014-07-16 20:49 - 2014-06-23 20:44 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core1cf8f1b8079ab20.job
2014-07-16 20:47 - 2014-06-18 08:55 - 00000000 ____D () C:\Users\Deepthought\Desktop\QUICKpics
2014-07-16 20:42 - 2014-02-11 15:25 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA.job
2014-07-16 20:38 - 2011-05-23 18:38 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 20:28 - 2012-07-28 23:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 19:58 - 2010-01-03 18:19 - 01254977 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{31B3CBAF-3860-4837-B99E-07DEF9A173C3}
2014-07-16 18:38 - 2011-05-23 18:38 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 09:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-16 02:05 - 2009-07-14 05:34 - 00013984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 02:05 - 2009-07-14 05:34 - 00013984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 01:58 - 2010-08-31 19:55 - 00000000 ____D () C:\Users\Deepthought\Tracing
2014-07-16 01:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 01:56 - 2012-08-02 17:59 - 00052429 _____ () C:\Windows\setupact.log
2014-07-16 01:56 - 2010-01-03 18:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-16 01:56 - 2010-01-03 18:36 - 00250138 _____ () C:\Windows\PFRO.log
2014-07-16 01:39 - 2013-10-06 12:29 - 00000000 ___DC () C:\AdwCleaner
2014-07-16 01:01 - 2014-07-16 01:00 - 01348263 _____ () C:\Users\Deepthought\Desktop\adwcleaner_3.215.exe
2014-07-15 23:02 - 2014-07-15 23:02 - 00000554 _____ () C:\Users\Deepthought\Desktop\Emsisoft Emergency Kit.lnk
2014-07-15 23:02 - 2014-07-15 23:01 - 00000000 ___DC () C:\EEK
2014-07-15 22:44 - 2014-02-11 15:25 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core.job
2014-07-15 22:40 - 2014-07-15 22:28 - 217618512 _____ () C:\Users\Deepthought\Desktop\EmsisoftEmergencyKit.exe
2014-07-15 22:02 - 2014-07-15 18:01 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-15 20:52 - 2014-07-15 18:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 20:31 - 2014-07-15 20:31 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-07-15 20:29 - 2014-07-15 20:29 - 00011666 _____ () C:\Windows\system32\.crusader
2014-07-15 20:26 - 2014-07-15 20:25 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{1CC84C3F-5234-41E3-B877-79A928388AE4}
2014-07-15 17:44 - 2014-07-15 17:40 - 10278752 _____ (SurfRight B.V.) C:\Users\Deepthought\Desktop\HitmanPro.exe
2014-07-15 16:58 - 2014-07-15 16:58 - 04770904 _____ () C:\Users\Deepthought\Desktop\RogueKiller.exe
2014-07-15 16:58 - 2014-07-15 16:58 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 16:58 - 2014-07-15 16:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 16:42 - 2014-07-15 16:42 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{77A0E663-7497-4EB3-9F78-AAF3848852C1}
2014-07-15 16:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-07-15 15:57 - 2014-07-15 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 15:54 - 2014-07-15 15:54 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 15:53 - 2014-07-15 15:51 - 00000000 ____D () C:\Users\Deepthought\Desktop\PHONEpics
2014-07-15 15:53 - 2014-02-24 16:19 - 00000000 ____D () C:\Users\Deepthought\Desktop\DARTFORD
2014-07-15 15:51 - 2014-07-15 15:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Deepthought\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-15 15:51 - 2014-07-01 18:04 - 00000000 ____D () C:\Users\Deepthought\Desktop\INDIA-MalabarCoveAREA
2014-07-15 15:50 - 2014-06-11 17:44 - 00000000 ____D () C:\Users\Deepthought\Desktop\CHESTERFIELDandNEAR-property
2014-07-15 15:47 - 2014-07-15 15:46 - 00000000 ____D () C:\Users\Deepthought\Desktop\MEETUP
2014-07-15 15:47 - 2014-07-01 08:14 - 00000000 ____D () C:\Users\Deepthought\Desktop\Ruby
2014-07-15 15:21 - 2014-07-15 15:18 - 00004106 _____ () C:\Users\Deepthought\Desktop\Rkill.txt
2014-07-15 15:17 - 2014-07-15 15:17 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Deepthought\Desktop\iExplore.exe
2014-07-15 15:11 - 2011-12-31 13:35 - 16832512 ___SH () C:\Users\Deepthought\Desktop\Thumbs.db
2014-07-15 09:33 - 2014-07-15 09:32 - 04161313 _____ () C:\Users\Deepthought\Desktop\tdsskiller.zip
2014-07-15 00:35 - 2014-05-08 22:35 - 00000069 _____ () C:\Users\Deepthought\AppData\Roaming\WB.CFG
2014-07-14 22:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 19:39 - 2014-07-14 19:39 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{6416ACD6-B9A2-4429-872D-32140E2F3BFF}
2014-07-14 10:31 - 2014-07-14 10:31 - 00026431 _____ () C:\Users\Deepthought\Desktop\BenKPJGCIAA0pQ0.jpg-large
2014-07-14 04:24 - 2014-07-14 04:24 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{35A40651-0B1C-47EE-BEE5-AAF34836014D}
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D35EEFE3-464C-41DC-9208-E6E63E7A061C}
2014-07-13 17:08 - 2013-11-12 11:05 - 00000000 ____D () C:\Users\Deepthought\Desktop\CALENDARS-2013-2014
2014-07-13 07:38 - 2014-07-13 07:38 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FB1D2D8B-9B56-49FA-9ECC-484AB1828572}
2014-07-11 23:11 - 2014-07-11 23:11 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{64A09E20-2241-49F2-B4CB-EE36E91BE3F9}
2014-07-11 11:10 - 2014-07-11 11:09 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{27D684E6-C595-4DEB-B127-8672F91B43EC}
2014-07-10 22:22 - 2014-07-10 22:21 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{EF7F3A1F-D49E-4305-9440-CACD70B4973B}
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{46083193-0907-45F5-8740-5E137371A465}
2014-07-09 15:29 - 2014-02-19 20:45 - 00000000 ____D () C:\Windows\rescache
2014-07-09 15:29 - 2012-07-28 23:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 15:29 - 2012-07-28 23:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:42 - 2009-07-14 05:33 - 00308528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 13:33 - 2009-07-14 08:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 13:29 - 2013-07-15 22:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 13:24 - 2010-07-15 17:17 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:51 - 2014-07-09 12:50 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CB307D25-1908-4450-823D-2C5E5DD78EBD}
2014-07-09 00:50 - 2014-07-09 00:50 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{E97D9699-FD93-42D8-A0BA-D2197A121887}
2014-07-08 12:49 - 2014-07-08 12:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{16A04795-E2C9-46F2-A78D-7B2E6A9EF315}
2014-07-07 23:48 - 2014-07-07 23:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B964613C-EFEA-4D5E-B9C5-8E42917EFEB0}
2014-07-07 09:03 - 2014-07-07 09:02 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{EB8204C1-9A9F-4099-B541-904740D699E1}
2014-07-06 20:12 - 2014-07-06 20:12 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8A0B1C74-6C83-45DE-8709-58800D3E020D}
2014-07-06 07:28 - 2014-07-06 07:27 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{F23F1E6D-57FE-4793-B1BD-9D97067BA30E}
2014-07-05 15:41 - 2014-07-05 15:41 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D3440294-5D52-46CB-A7B4-AE9013D8AA35}
2014-07-05 01:48 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140709-015546.backup
2014-07-05 01:42 - 2010-01-03 18:25 - 00000000 ____D () C:\Users\Deepthought
2014-07-04 21:24 - 2014-07-04 21:24 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{6F98FD79-1BEB-40F8-90ED-750C0248E870}
2014-07-04 20:57 - 2014-07-04 20:57 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FC840846-BBC9-488C-9539-C1271A027537}
2014-07-04 13:49 - 2010-01-03 18:28 - 00849992 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 11:00 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140705-014832.backup
2014-07-04 03:04 - 2014-07-04 11:00 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140704-110010.backup
2014-07-04 02:34 - 2014-07-04 02:34 - 00001005 _____ () C:\Users\Deepthought\Desktop\KMPlayer.lnk
2014-07-04 02:27 - 2014-06-23 01:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-04 01:58 - 2014-07-04 01:58 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{513F9C20-8D99-4E79-9D43-861AD1F6C255}
2014-07-03 13:56 - 2014-07-03 13:56 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8B7BA651-3BC0-4775-A15C-565DF1FF3BF4}
2014-07-03 12:51 - 2014-07-03 12:44 - 00000000 ____D () C:\Users\Deepthought\Desktop\INDIA-FabricRoof
2014-07-03 01:55 - 2014-07-03 01:55 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B8500B17-BA60-4C4B-9C97-CCF7FF09E5BE}
2014-07-02 00:46 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140704-030425.backup
2014-07-01 09:50 - 2014-07-01 09:26 - 00000000 ____D () C:\Users\Deepthought\Desktop\New folder
2014-07-01 08:54 - 2013-10-07 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-01 08:52 - 2014-07-01 08:51 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{01B29BEC-F855-4652-BEC2-50170D5CEB09}
2014-07-01 07:51 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140702-004654.backup
2014-07-01 01:06 - 2014-07-01 07:51 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-075131.backup
2014-07-01 01:00 - 2014-07-01 01:06 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-010638.backup
2014-06-30 13:36 - 2014-06-30 13:36 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CEE202D4-29A3-4315-8BB0-C83871FC238F}
2014-06-29 10:20 - 2014-06-29 10:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CCB63173-E9CF-40E0-B6BE-29DC5BD00266}
2014-06-28 01:38 - 2014-06-28 01:37 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{A698F8D0-CEAB-4F0E-BBD6-43217ACEAAF1}
2014-06-27 10:34 - 2014-06-27 10:34 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{12A763A3-A038-4CB4-87EB-C9D114461427}
2014-06-26 11:16 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{CB532378-AA6D-4325-88EE-2628F259CF79}
2014-06-25 10:38 - 2014-06-25 10:38 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{BB19FA91-21A6-4386-AC48-266875E6D252}
2014-06-24 21:28 - 2014-05-27 13:50 - 00001980 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-24 21:28 - 2012-12-21 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-24 21:28 - 2010-01-03 18:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-24 21:28 - 2010-01-03 18:29 - 00906264 _____ () C:\Windows\DPINST.LOG
2014-06-24 21:26 - 2014-06-24 21:26 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8D038CA3-EAC5-4FAC-8975-61B50091F8A1}
2014-06-24 10:54 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-010054.backup
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{4CCC6915-995B-40AB-A6C7-EB155F65C8BC}
2014-06-24 07:46 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140624-105445.backup
2014-06-24 07:40 - 2014-06-24 07:40 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{975C687B-156F-4315-A763-F69FAD29F6E4}
2014-06-23 23:04 - 2013-05-15 15:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-06-23 12:15 - 2014-06-23 12:15 - 00123544 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2014-06-23 10:50 - 2014-06-23 10:50 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{FEA04448-B587-4194-82EA-EDD494E471AC}
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000
2014-06-23 10:47 - 2014-06-23 10:47 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL
2014-06-23 10:43 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140624-074626.backup
2014-06-23 02:16 - 2014-05-08 21:35 - 00000000 ____D () C:\Program Files\004
2014-06-23 02:05 - 2014-06-23 01:36 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-23 02:00 - 2009-07-14 03:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-104341.backup
2014-06-23 01:39 - 2014-06-23 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-23 01:38 - 2014-06-23 01:38 - 00002143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-23 01:38 - 2014-06-23 01:38 - 00002131 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-23 01:34 - 2014-06-23 01:34 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\Deepthought\Desktop\spybot2-license.exe
2014-06-22 22:20 - 2014-06-22 22:20 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{23B059E2-3329-473D-B955-20B74F8DB45C}
2014-06-22 10:18 - 2014-06-22 10:18 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{DD2ECD8C-7AE2-48CA-BB50-CB34F6FB093D}
2014-06-21 19:47 - 2014-06-21 19:47 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{56B89618-DF86-4CC0-BBF2-913245DCFD95}
2014-06-21 07:48 - 2014-06-21 07:48 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{36F1CC58-7B3F-49A6-9BAC-965C374511E1}
2014-06-20 20:39 - 2014-07-09 09:22 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 19:48 - 2014-06-20 19:47 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{DDBA49F2-2322-479D-8F9C-515893E8A51D}
2014-06-20 05:03 - 2014-06-20 05:03 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{27FFA68F-8A24-458F-9639-A3E834846A6E}
2014-06-19 01:16 - 2014-07-09 09:22 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 00:56 - 2014-07-09 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 00:56 - 2014-07-09 09:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 00:38 - 2014-07-09 09:22 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 00:37 - 2014-07-09 09:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 00:36 - 2014-07-09 09:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 00:35 - 2014-07-09 09:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 00:32 - 2014-07-09 09:22 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 00:28 - 2014-07-09 09:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 00:28 - 2014-07-09 09:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 00:25 - 2014-07-09 09:22 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 00:23 - 2014-07-09 09:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 00:23 - 2014-07-09 09:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 00:22 - 2014-07-09 09:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 00:16 - 2014-07-09 09:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:12 - 2014-07-09 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 00:06 - 2014-07-09 09:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 00:01 - 2014-07-09 09:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 23:59 - 2014-07-09 09:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 23:58 - 2014-07-09 09:22 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 23:52 - 2014-07-09 09:22 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 23:52 - 2014-07-09 09:22 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 23:49 - 2014-07-09 09:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 23:46 - 2014-07-09 09:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 23:45 - 2014-07-09 09:22 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 23:35 - 2014-07-09 09:22 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 23:13 - 2014-07-09 09:22 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 23:09 - 2014-07-09 09:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 23:07 - 2014-07-09 09:22 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 15:27 - 2014-06-18 13:50 - 00000000 ____D () C:\Users\Deepthought\Desktop\SeaBreeze-PHILIP
2014-06-18 11:35 - 2014-06-18 11:35 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{11769BB7-B731-4480-B2A9-D5E654165529}
2014-06-18 02:51 - 2014-07-09 09:23 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 01:52 - 2014-07-09 09:23 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 23:33 - 2014-06-17 23:33 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{300F6281-E828-46E1-9802-77B4EB28F76A}
2014-06-17 11:32 - 2014-06-17 11:32 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{5AF02409-6533-47F0-95B4-EA0D4C73EC34}
2014-06-16 23:31 - 2014-06-16 23:31 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{D2462926-68E7-4492-91A4-A0F0498BBCAA}
2014-06-16 11:29 - 2014-06-16 11:29 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{B0706808-988B-4925-B6EF-C0BEB6BA4DF0}
2014-06-16 10:35 - 2014-06-16 10:35 - 00000000 ____D () C:\Users\Deepthought\AppData\Local\{8A7C9E06-8126-455B-ACB5-5CFF26C81071}

Some content of TEMP:
====================
C:\Users\Deepthought\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Deepthought\AppData\Local\Temp\ose00000.exe
C:\Users\Deepthought\AppData\Local\Temp\Quarantine.exe
C:\Users\Deepthought\AppData\Local\Temp\ResetDevice.exe
C:\Users\Deepthought\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Deepthought\AppData\Local\Temp\_is78F6.exe
C:\Users\Deepthought\AppData\Local\Temp\_is7F3D.exe
C:\Users\Deepthought\AppData\Local\Temp\_isE9F0.exe
C:\Users\Deepthought\AppData\Local\Temp\_isF5B3.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 15:18

==================== End Of Log ============================

 

[TwinHeadedEagle]

Ok, I am waiting for second report, named Addition.txt

 

[Lynne Haywood]

ADDITIONAL TEXT
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Deepthought at 2014-07-16 21:04:08
Running from C:\Users\Deepthought\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
3 USB Modem (HKLM\...\3 USB Modem) (Version: HOST01.11.118.01.19.156 - Huawei Tech.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
All Media Converter version 5.2.3 (HKLM\...\{AC57BF3A-E460-4CBD-A8BB-3A3A8D1D9A55}_is1) (Version: 5.2.3 - EIPC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM\...\{210E8562-74DA-4D97-945B-88B2ED9C8028}) (Version: 2.0.15.667 - ArcSoft)
BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.13 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.13 - British Broadcasting Corp.) Hidden
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Boot Camp Services (HKLM\...\{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}) (Version: 3.3.2921 - Apple Inc.)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)
Driver Manager (HKLM\...\{686695ED-BB3F-415D-B0DB-18CF535F7B50}) (Version: 7 - Driver Manager)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
FastStone Image Viewer 4.2 (HKLM\...\FastStone Image Viewer) (Version: 4.2 - FastStone Soft)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Idea Net Setter (HKLM\...\Idea Net Setter) (Version: 11.030.01.01.356 - Huawei Technologies Co.,Ltd)
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
ImTOO DVD Audio Ripper 5 (HKLM\...\ImTOO DVD Audio Ripper 5) (Version: 5.0.62.0312 - ImTOO)
ImTOO DVD Copy Express (HKLM\...\ImTOO DVD Copy Express) (Version: 1.1.38.0409 - ImTOO)
ImTOO DVD Creator 6 (HKLM\...\ImTOO DVD Creator 6) (Version: 6.1.1.0610 - ImTOO)
ImTOO DVD Ripper Platinum 6 (HKLM\...\ImTOO DVD Ripper Platinum) (Version: 6.0.3.0520 - ImTOO)
ImTOO DVD to iPod Converter 5 (HKLM\...\ImTOO DVD to iPod Converter 5) (Version: 5.0.51.1030 - ImTOO)
ImTOO DVD to Zune Converter 5 (HKLM\...\ImTOO DVD to Zune Converter 5) (Version: 5.0.62.0319 - ImTOO)
ImTOO iPod Movie Converter (HKLM\...\ImTOO iPod Movie Converter) (Version: 5.1.26.1030 - ImTOO)
ImTOO MPEG Encoder Standard (HKLM\...\ImTOO MPEG Encoder Standard) (Version: 5.1.37.0319 - ImTOO)
ImTOO PSP Video Converter (HKLM\...\ImTOO PSP Video Converter) (Version: 5.1.37.0319 - ImTOO)
ImTOO Video Converter Platinum 6 (HKLM\...\ImTOO Video Converter Platinum) (Version: 6.0.4.0610 - ImTOO)
ImTOO Video to Audio Converter (HKLM\...\ImTOO Video to Audio Converter) (Version: 5.1.37.0319 - ImTOO)
ImTOO Zune Video Converter (HKLM\...\ImTOO Zune Video Converter) (Version: 5.1.37.0319 - ImTOO)
Jacquie Lawson Alpine Advent Calendar (HKLM\...\JLAdventCalendarAlpine2012) (Version: 1.0.2 - MicroCourt Limited)
Jacquie Lawson Alpine Advent Calendar (Version: 1.0.2 - MicroCourt Limited) Hidden
Jacquie Lawson London Advent Calendar (HKLM\...\JLAdventCalendarLondon2012) (Version: 1.0.0 - MicroCourt Limited)
Jacquie Lawson London Advent Calendar (Version: 1.0.0 - MicroCourt Limited) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.109.02030 (HKLM\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.109.02030 - Sony)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 (HKLM\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MMX200G Netwarrior Manager V20090909 (HKLM\...\{D1F9117F-7187-4734-B105-8EEB4B2A3696}_is1) (Version: - Micromax Informatics Limited)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Network Guide EPSON SX235 Series (HKLM\...\EPSON SX235 Series Netg) (Version: - )
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV)
Photo to Cartoon (HKLM\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1307.93 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.125 - PandoraTV)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675) (HKLM\...\{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{9A9DF47B-DB4B-485D-8211-7430ABEC5259}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
User's Guide EPSON SX235 Series (HKLM\...\EPSON SX235 Series Useg) (Version: - )
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) (HKLM\...\AD3493E108434977125BBF78F47699626F8AF64B) (Version: 01/11/2008 3.4.3.18 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10) (HKLM\...\07170A155D5587C8782EABA10E94E4127A86F6E4) (Version: 02/01/2008 3.8.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1) (HKLM\...\0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB) (Version: 04/27/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) (HKLM\...\68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A) (Version: 11/23/2009 3.1.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\9324ED54E32F5399037F87E076CA01C6CEB92830) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\4D00971668041EDAD7097C5827D1739F03B9E5D7) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0) (HKLM\...\DD660B87FBFA46A1E99C15466EA26AA41E678250) (Version: 03/05/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) (HKLM\...\F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5) (Version: 04/06/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\4B114013DDC5858DB929CE55F363AB88CDE1F78C) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) (HKLM\...\8D5DC06C9163DD58555F626F30703DA7B27EB8EB) (Version: 03/25/2009 2.1.2.112 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\44E2556E81BCB991055DD976642491906DD3B8A0) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) (HKLM\...\CD6212024668E03491C257CA53617893F2E8E924) (Version: 09/10/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) (HKLM\...\AEB482706002E9220FBFB86D4A1D24257F71A3D4) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) (HKLM\...\695F4B9353FEE9320C20D297713F8828693D8AF3) (Version: 03/25/2009 2.1.2.112 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\B9491C5C199D7236FCDCB76367922461FADC80C7) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) (HKLM\...\6B401A4481C0B1B07B5D7425378A5C00FF7D75DE) (Version: 09/10/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) (HKLM\...\A7A7D84907D2DCB34930D77C6BA911E3834C1E34) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) (HKLM\...\B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69) (Version: 01/17/2008 2.0.2.2 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\2E2B6DCC02509BB8D2629A009DE8B5C3055B6779) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0) (HKLM\...\3A712FAD839A90C4CD37CE06FA695DCC4E91A52F) (Version: 03/05/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0) (HKLM\...\2A220AD1D71245D60F803E0D8C463ABFFE7C6244) (Version: 02/19/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\111E266FDD1556398EFC13BE47678F96E8497682) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\20CF1F4786CB13A83CD2EC358929609A9B7A205C) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) (HKLM\...\DE32692B1421420518B0CA8EEDD6DF2A494F279F) (Version: 11/30/2009 3.0.0.6 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) (HKLM\...\CFC3D985EA69596C8BE0A30313010FCC8CE2C70F) (Version: 08/24/2010 3.1.0.7 - Apple Inc.)
Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4) (HKLM\...\5405F83664E016638462F8F8C1DAE59D04942778) (Version: 11/23/2009 3.0.0.4 - Apple Inc.)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1) (HKLM\...\F24CB85E5983448F6319803791DEACED91E6565B) (Version: 08/22/2008 2.1.1.1 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122) (HKLM\...\0A86889A63334895E2898E1C618451C13E8BEC74) (Version: 09/18/2008 7.6.1.122 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) (HKLM\...\950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA) (Version: 11/18/2009 8.0.0.258 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122) (HKLM\...\5A42EC04483B9307C1A29CDA2199268A7A8FA52D) (Version: 09/18/2008 7.6.1.122 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3) (HKLM\...\9AA5295F27284963423D072C7FC59D57CDE15ACA) (Version: 05/28/2009 12.2.0.3 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) (HKLM\...\E9575EA5D430B59D0CFF29323C74D0FBA1898F3B) (Version: 08/21/2009 5.60.18.8 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26) (HKLM\...\75B57AFB407D191B0DAEF05EE9665A5A86701A9A) (Version: 10/22/2008 5.10.38.26 - Broadcom)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) (HKLM\...\7C4C70065E755397913A9698B9D9DF16D7345D18) (Version: 01/02/2010 6.6001.1.21 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8) (HKLM\...\DCEFA559AE3275AB4F80389685E1BD3D978A5707) (Version: 04/29/2009 6.6001.1.8 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) (HKLM\...\680D5EED614F3F01A9AD4547E9D81CFE9B0E4902) (Version: 08/16/2010 6.6001.1.26 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0) (HKLM\...\B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D) (Version: 02/06/2008 9.12.17.0 - Intel)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0) (HKLM\...\2AC97D2605162B73D046D68013D1030CB7CFB87E) (Version: 01/08/2008 8.3.9.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) (HKLM\...\9747248FCA6A074E791AABC17F527823A8225756) (Version: 07/22/2008 10.3.45.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) (HKLM\...\1E934494E1FDB938ED1D9B958D5D5D465A07F06A) (Version: 08/05/2008 10.3.49.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) (HKLM\...\065B919FD23D12E588F6E2BFB21F7836E2F0E704) (Version: 07/16/2008 9.52.10.0 - Intel)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0) (HKLM\...\78C67451B87511098A9A0EC86E75B99B12298F5C) (Version: 02/06/2008 9.12.18.0 - Intel)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0) (HKLM\...\A06888013552B918232820F81FDBA706F5CAAD39) (Version: 06/13/2008 9.52.9.0 - Intel)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0) (HKLM\...\675AAC36E980D647C94EAFFB2F929F247E711708) (Version: 07/22/2008 10.3.45.0 - Intel)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0) (HKLM\...\7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D) (Version: 08/05/2008 10.3.49.0 - Intel)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0) (HKLM\...\627745F8E8BB901B043047C3E308B4A76C1194FE) (Version: 11/07/2007 8.10.1.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\82BE89CA9B7493FA05D2D4D32B415CF07EA08B47) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) (HKLM\...\1D68F7A8B8397256B162B831457A6775BD17F3F4) (Version: 03/23/2007 10.12.7.3 - Marvell)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

15-07-2014 08:21:17 Microsoft Antimalware Checkpoint
15-07-2014 19:22:03 Checkpoint by HitmanPro
15-07-2014 19:28:40 Checkpoint by HitmanPro
16-07-2014 14:01:53 Microsoft Antimalware Checkpoint
16-07-2014 15:29:39 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2014-07-09 01:55 - 00450709 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0D625AB3-14D4-4387-A3F0-A9011ED08B06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core1cf8f1b8079ab20 => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {13E8F7E6-3726-4202-A1E6-2EAC9C08F987} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {17425A96-FFEB-4BFE-B02F-F76A054BB290} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {37D9FB60-C25D-4364-AFC1-A3666CDC7C8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {400B83C3-1D88-40E3-A76C-BFE3603CAD70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46DFE620-0953-49A7-8AD0-3660F1DE0680} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {49D613D5-47AA-478E-BDC7-6C90DE525C76} - System32\Tasks\{0BEDED72-9C3B-447E-9320-1A9B335897B6} => C:\Users\Deepthought\Downloads\frontpage-express.exe
Task: {4D83081A-9444-4D44-8444-3705A19A88B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {4E023D34-92BF-46AF-966B-F52C9CDFE71C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-23] (Google Inc.)
Task: {A6DE2104-C349-4787-B92B-7B5A89BA1468} - System32\Tasks\{E25DBA38-E535-48CE-8175-12B0C7B7A777} => G:\AutoRun.exe
Task: {B6B013E1-CDBE-4E37-9E91-416B40636A24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-23] (Google Inc.)
Task: {B8AB2694-FDA4-42F7-9EB3-D5DB6B8FD4A7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CFCE387A-3D2C-454C-AEAC-135A3F5485DC} - System32\Tasks\{5A99EA2C-644D-4B0D-A9A0-8F887A260486} => C:\Users\Deepthought\Downloads\frontpage-express.exe
Task: {E984DAB2-387B-46A3-BB45-404E4510CA97} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA1cf8f1b84915640 => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {EFEAB927-E92D-4B1B-B565-2E81CE7282BB} - System32\Tasks\{121496B1-52BA-4CCE-BCD8-8BE055421275} => G:\AutoRun.exe
Task: {F7BE9BAA-34B1-45EC-B993-069215E8F0A5} - System32\Tasks\{BA972B3F-5519-44BF-B9AB-580E136AEF7F} => G:\AutoRun.exe
Task: {FB1F23FE-1CCD-4000-90E9-5FA72265C767} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {FE1E33B5-B36B-4A73-AAA0-1461771E2737} - System32\Tasks\{223ECE6D-8671-4B8E-BCBC-7B1EA95B76A3} => C:\Program Files\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core.job => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000Core1cf8f1b8079ab20.job => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA.job => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3687737911-3880605115-1145795470-1000UA1cf8f1b84915640.job => C:\Users\Deepthought\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-14 15:58 - 2013-10-23 14:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2014-02-19 12:43 - 2013-08-30 00:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-06-23 01:38 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-23 01:38 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-15 18:34 - 2011-08-15 18:34 - 00194432 _____ () C:\Windows\system32\AppleOSSMgr.exe
2009-08-10 16:59 - 2009-08-10 16:59 - 00387616 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 16:59 - 2009-08-10 16:59 - 00068128 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 16:59 - 2009-08-10 16:59 - 00436768 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2012-07-31 14:42 - 2012-07-09 17:59 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2012-07-31 14:42 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2012-07-31 14:42 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2012-07-31 14:42 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll
2014-06-23 01:38 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-23 01:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-23 01:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-08-10 16:59 - 2009-08-10 16:59 - 00178720 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2012-12-21 15:55 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-12-21 15:55 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2012-10-05 03:51 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2012-12-21 15:55 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2013-03-18 15:46 - 2013-03-18 15:46 - 00606720 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-12-21 15:55 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-06-11 19:39 - 2014-06-05 14:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 19:39 - 2014-06-05 14:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 19:39 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 19:39 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 19:39 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-07-14 02:23 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Deepthought\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 04:29:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5ebfd3a1-6642-43e9-adbe-d236a26afe17}

Error: (07/16/2014 03:01:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1669197e-1ab9-4c46-8beb-22c4883b4b20}

Error: (07/16/2014 03:01:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {290c6fad-76d1-4bd6-bbb5-dba6f621111f}

Error: (07/16/2014 03:01:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1669197e-1ab9-4c46-8beb-22c4883b4b20}

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xe278
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xe678
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xf548
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xf7bc
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xf6f0
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (07/15/2014 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.3.39.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0x0eedfade
Fault offset: 0x0000812f
Faulting process id: 0xf170
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3


System errors:
=============
Error: (07/16/2014 02:08:58 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.179.7.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/15/2014 10:03:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (07/15/2014 10:03:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/15/2014 10:03:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/15/2014 04:43:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/15/2014 04:41:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/15/2014 04:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FileZilla Server FTP server service failed to start due to the following error:
%%2

Error: (07/15/2014 04:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/15/2014 04:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/15/2014 04:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/28/2013 03:42:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21380 seconds with 10680 seconds of active time. This session ended with a crash.

Error: (09/30/2012 01:08:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 610703 seconds with 10620 seconds of active time. This session ended with a crash.

Error: (07/23/2012 01:31:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 7, Application Name: Microsoft Office SharePoint Designer, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8122 seconds with 5820 seconds of active time. This session ended with a crash.

Error: (12/20/2011 04:09:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52603 seconds with 13560 seconds of active time. This session ended with a crash.

Error: (12/10/2011 01:54:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4427 seconds with 3120 seconds of active time. This session ended with a crash.

Error: (12/08/2011 06:14:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2970 seconds with 660 seconds of active time. This session ended with a crash.

Error: (10/13/2011 07:17:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/06/2011 11:46:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/27/2011 06:41:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/26/2011 08:47:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-16 20:24:15.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 18:15:03.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 15:10:10.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 02:19:24.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 01:15:35.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 01:04:54.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 17:32:08.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 17:17:05.600
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 16:53:13.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 09:24:17.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 1766.71 MB
Available physical RAM: 639.34 MB
Total Pagefile: 3348.71 MB
Available Pagefile: 1305.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.89 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:74.88 GB) (Free:19.96 GB) NTFS
Drive e: (Macintosh HD) (Fixed) (Total:73.88 GB) (Free:59.66 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00005A0E)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=74 GB) - (Type=AF)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Lynne Haywood]

Hi, you can probably see that I do not use the Apple side of my computer. That is because I don't know how and don't find time to learn! This is a problem because there is not much space left in Windows.

 

[TwinHeadedEagle]

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:

• Press the
  
  + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for SpyBot, right-click the entry and click Uninstall.

This is optional, but please consider it.




Next, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- Image Editor Packages

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.

 

[Lynne Haywood]

Sorry for delay. I don't have the Windows symbol on my Apple so tried to uninstall Spybot via Uninstall Programs.
Then I got the message:
A problem has occurred in BitDefender Threat Scanner. A file containing error information has been created at C:Windows\TEMP\BitDefenderThreatScanner.dmp
You are strongly encouraged to send the file to the developers of the application for further investigation of the error.

Then I tried to uninstall Image Editor Packages - but got the message:
Please wait until the current program is finished uninstalling or being changed.

Nothing seems to be happening.
Shall I move on to FarBar Recovery Scan Tool?

 

[Lynne Haywood]

To complete SpyBot uninstall, the computer must be restarted. I am leaving everything as it is and I shall check tomorrow for new message from you. Thanks for help so far.

 

[TwinHeadedEagle]

Yes, please proceed with Farbar now.

 

[Lynne Haywood]

Hi, I restarted the computer, then got rid of Image Editor Packages.
Then clicked FIX in FarBar - but nothing happening.
Shall I try again?

 

[TwinHeadedEagle]

Have you got some message after clicking Fix? Try again...

 

[Lynne Haywood]

I don't think I am doing this right.
Do I have to do something before clicking on FIX in FarBar?

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

 

[Lynne Haywood]

Message just says - both files have to be in the same place.

 

[Lynne Haywood]

Do I have to put something in the empty box on FarBar - before clicking FIX ?

 

[TwinHeadedEagle]

Both FRST.exe and fixlist.txt have to be on the same location. Copy both files on Desktop, then open FRST.exe and click Fix.

 

[Lynne Haywood]

Hi, I still didn't manage to get a result.

I think you meant for me to download two files from where you have exclamation marks? - but there is no link.
YOUR NOTE: Download attached fixlist.txt file and save it to the Desktop
How to do this?

Sorry, I don't understand.

 

[TwinHeadedEagle]

You just need to click on Fixlist.txt attached above in my reply. Then you need to copy it on your Desktop, unless it is already downloaded on your Desktop. After that open FRST and click Fix.