
[Solved] Friends Windows 8- MAJOR Infections?

Discussion in 'Malware Removal Help' started by timh1111, Apr 7, 2014.

  1. timh1111

    timh1111 Registered Members

    Joined:
    Feb 6, 2010
    Messages:
    236
    Location:
    Tampa, FL. USA
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    Dell Inspiron
    Memory:
    8 Gigs
    Good day all! Here's the scenario..... A friend has given me her HP Windows 8 Laptop to remove "some" infections she got from downloading from the internet. At first, it was impossible to download and install Malwarebytes because the infection wasn't allowing me to go to and download from any anti-malware site. I wanted to try to run in "Safe-Mode" but the SHIFT-F8 command isn't being seen on boot up. I was able to get to running in safe-mode from within the desktop commands but when I rebooted WITH network support, on reboot it says I'm not connected to a network. I downloaded Malwarebytes onto a flash drive and installed it that way. It worked, somewhat, yet sometimes is unresponsive (Not Responding). At first, Malwarebytes detected over 300 hits. I quarantined them, rebooted and ran it again. The second time it detected over 300 (different) infections. I quarantined them, rebooted and ran it again yet this time it detected over 3000 infections. I manually removed any toolbar programs (i.e. anything related to "Wildtangent") that I felt may have caused the issue. Now, I feel like I am about 70% "there" in removing the issue(s) but am still getting a few pop-ups from time to time. I read about "OTL" in another post but it didn't mention if it worked on the W8 OS. What can I do next?
    PLEASE NOTE: My friend does NOT have the W8 install disk and I will not risk posting any logs from her laptop to the site here because of the standing infections. I will be able to continue to post issues and resolves from mine though. Thanks for any help folks!!
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tim

    That's normal for Win8.
    All that has been basically hidden from the startup so that the system boots quicker.
    If you ever need it again, this may help:
    Windows8 Start-up Settings (including safe mode)

    Posting logs/reports from the system will cause no harm to the site.... they are only text files.

    Although we can get OTL to produce a report from a Win8 system..... the fixes don't always work.
    That's why we don't recommend it.

    Please do not run any other tools unless instructed.
    Please don't install or uninstall anything unless asked.


    We really need to see what is going on with this laptop.
    I'm not sure from your post whether the system has an internet connection or not.

    If not, you will need to transfer these programs (in the case of FRST... the correct version) to the infected system by way of USB stick etc.
    Then obviously transfer the reports to us in the same way... through your system.

    If the lack of an internet connection is because of any proxy that the malware has set up.... the first program should remove that.

    Step 1
    Please download MiniToolBox and save it to your Desktop.

    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click and select "Run as Administrator".

    Checkmark the following radio buttons:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    Click Go, the results will appear as a txt file on your Desktop.
    Please copy & paste this report in your next reply.


    Step 2

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is..... click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool.

    • When the tool opens click Yes to disclaimer.

    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

    In your next reply, please submit:
    Mini Toolbox report
    Both reports from FRST


    Thanks.
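The FRST.txt report requested in Step 2 is plain text, so entries can be shortlisted mechanically before a helper reads the whole log. The following is an added example, not part of the original post and not part of FRST: a Python triage pass over the line shapes that FRST version 13-03-2014 produces in the log posted later in this thread. The sample log is constructed, and the shortlist rules (FRST's own ATTENTION marker, IFEO Debugger values, an empty publisher field, a missing file) are assumptions of the example that pick lines for a human to review, not verdicts.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # FRST section the line was found in
    reason: str    # why the example shortlisted it
    line: str      # the original log line


# "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# "HKLM-x32\...\Run: [Name] - C:\path\file.exe [size date] (Publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] - (?P<rest>.+)$"
)
# "IFEO\image.exe: [Debugger] program.exe"
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
# "R2 ServiceName; C:\path\file.exe [size date] (Publisher)"
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# Trailing "[size yyyy-mm-dd] (Publisher)"; the publisher may be empty: "()"
TAIL_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")
# Marker FRST itself appends to lines it wants a helper to look at
ATTENTION_RE = re.compile(r"<=+ ATTENTION")

# Constructed sample in the shape of an FRST.txt log (all names are placeholders).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] - C:\Program Files\Vendor\tray64.exe [1664000 2012-08-20] (Example Vendor, Inc.)
HKLM-x32\...\Run: [Example Updater] - C:\Program Files (x86)\Example Update\client32.exe [640000 2014-03-16] ()
HKU\S-1-5-21-1111111111-222222222-3333333333-1002\...\Run: [Chat] - C:\Program Files (x86)\Chat\chat.exe [20922016 2014-02-10] (Example Chat S.A.)
IFEO\exampleguard.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ExampleSvc; C:\Program Files\Example\svc.exe [361984 2012-10-18] (Example Vendor, Inc.)
R2 ExampleUpd; C:\Program Files\Common Files\Example\upd.exe [2541928 2014-03-04] ()
==================== Drivers (Whitelisted) ====================
S3 ExampleDrv; C:\Windows\system32\drivers\exampledrv.sys [32512 2014-04-08] ()
S2 EXDRIVER_1.0; \??\C:\Program Files (x86)\Example\drv.sys [X]
"""


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a helper may want to read first, in log order."""
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).replace(" (Whitelisted)", "")
            continue
        if ATTENTION_RE.search(line):
            findings.append(Finding(section, "flagged by FRST itself", line))
            continue
        ifeo = IFEO_RE.match(line)
        if ifeo:
            # A Debugger value makes Windows start that program instead of the image.
            reason = f"IFEO debugger redirect: {ifeo['image']} -> {ifeo['debugger']}"
            findings.append(Finding(section, reason, line))
            continue
        entry = RUN_RE.match(line)
        if entry is None and section in ("Services", "Drivers"):
            entry = SVC_RE.match(line)
        if entry is None:
            continue
        name, rest = entry["name"].strip(), entry["rest"]
        if rest.endswith("[X]"):
            # FRST prints [X] when it could not find the file behind the entry.
            findings.append(Finding(section, f"{name}: file not found", line))
            continue
        tail = TAIL_RE.search(rest)
        if tail and not tail["publisher"].strip():
            findings.append(Finding(section, f"{name}: empty publisher field", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```

An empty publisher field also appears on legitimate files, so the output is a reading order for the helper rather than a removal list.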
     
  3. timh1111

    WOW...Thanks Starbuck!!! The laptop I'm trying to fix does have internet connection. I have it linked to my WiFi network and am able to get online with it so I should be able to get on this first thing tomorrow (since I'm off the next 2 days). The thing that's a bit confusing to me is I'm so used to XP with the icon style desktop. With W8, it's all tiles and I'm not sure how to find the saved logs in order to upload them to you. With XP it was just "Save To...DESKTOP" and there it was. With W8...I'm not sure but I'll figure it out. Thanks again and look for the logs tomorrow.
     
  4. starbuck

  5. timh1111

    OK Starbuck...here ya go.....MiniToolBox....
    Ran by chris (administrator) on 08-04-2014 at 14:03:59
    Running from "C:\Users\chris\Desktop"
    Microsoft Windows 8 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= Flush DNS: ===================================
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========================= IE Proxy Settings: ==============================
    Proxy is not enabled.
    No Proxy Server is set.
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================
    ========================= IP Configuration: ================================
    Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Connected)
    Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    reset
    set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
    add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.0.10 metric=1 publish=Yes
    set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

    popd
    # End of IPv4 configuration
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : livingroompc
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : home
    Wireless LAN adapter Local Area Connection* 11:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 1E-D0-5A-D3-10-1C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wi-Fi:
    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
    Physical Address. . . . . . . . . : 2C-D0-5A-D3-10-1C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::101:9ad:bd3c:457a%14(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Tuesday, April 8, 2014 1:43:54 PM
    Lease Expires . . . . . . . . . . : Wednesday, April 9, 2014 1:43:57 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 338481242
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-BD-64-0C-74-46-A0-89-5B-3E
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Ethernet:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
    Physical Address. . . . . . . . . : 74-46-A0-89-5B-3E
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 13:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.home:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1812:2d95:3f57:fefc(Preferred)
    Link-local IPv6 Address . . . . . : fe80::1812:2d95:3f57:fefc%18(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Server: Wireless_Broadband_Router.home
    Address: 192.168.1.1
    Name: google.com
    Addresses: 2404:6800:4004:808::1005
    65.196.188.25
    65.196.188.24
    65.196.188.23
    65.196.188.27
    65.196.188.20
    65.196.188.22
    65.196.188.26
    65.196.188.21

    Pinging google.com [65.196.188.24] with 32 bytes of data:
    Reply from 65.196.188.24: bytes=32 time=10ms TTL=59
    Reply from 65.196.188.24: bytes=32 time=9ms TTL=59
    Ping statistics for 65.196.188.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 10ms, Average = 9ms
    Server: Wireless_Broadband_Router.home
    Address: 192.168.1.1
    Name: yahoo.com
    Addresses: 98.139.183.24
    206.190.36.45
    98.138.253.109

    Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
    Reply from 98.138.253.109: bytes=32 time=77ms TTL=52
    Reply from 98.138.253.109: bytes=32 time=81ms TTL=52
    Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 81ms, Average = 79ms
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    15...1e d0 5a d3 10 1c ......Microsoft Wi-Fi Direct Virtual Adapter
    14...2c d0 5a d3 10 1c ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
    12...74 46 a0 89 5b 3e ......Realtek PCIe FE Family Controller
    1...........................Software Loopback Interface 1
    13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
    17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
    192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    169.254.0.0 255.255.0.0 192.168.0.10 1
    ===========================================================================
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    18 306 ::/0 On-link
    1 306 ::1/128 On-link
    18 306 2001::/32 On-link
    18 306 2001:0:5ef5:79fd:1812:2d95:3f57:fefc/128
    On-link
    14 281 fe80::/64 On-link
    18 306 fe80::/64 On-link
    14 281 fe80::101:9ad:bd3c:457a/128
    On-link
    18 306 fe80::1812:2d95:3f57:fefc/128
    On-link
    1 306 ff00::/8 On-link
    18 306 ff00::/8 On-link
    14 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    **** End of log ****

    FRST...
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
    Ran by chris (administrator) on LIVINGROOMPC on 08-04-2014 14:08:11
    Running from C:\Users\chris\Desktop
    Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
    (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Users\chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    () C:\Program Files (x86)\Flash Update\winclient32.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [Windows Client Manager] - C:\Program Files (x86)\Flash Update\winclient32.exe [640000 2014-03-16] ()
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
    HKU\S-1-5-21-1048366436-103377142-1015860150-1002\...\Run: [SkyDrive] - C:\Users\chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-04-04] (Microsoft Corporation)
    HKU\S-1-5-21-1048366436-103377142-1015860150-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-1048366436-103377142-1015860150-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {922B966F-6602-4023-A39F-87790FE72EEB} URL = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=11471&tm=295&src=ds&p={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=11471&tm=295&src=ds&p={searchTerms}
    SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - URL http://search.conduit.com/Results.a...18C4316DA0&q={searchTerms}&SSPV=C211900_sp_ie
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKCU - {922B966F-6602-4023-A39F-87790FE72EEB} URL =
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
    SearchScopes: HKCU - {CFC54527-C01C-4FA4-81EE-A4F4EAF00E0D} URL = http://us.yhs4.search.yahoo.com/yhs..._DS,221,0_0,Search,20140312,19669,0,IE10,7635
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Chrome:
    =======
    CHR HomePage: about:blank
    CHR RestoreOnStartup: "about:blank"
    CHR DefaultSearchKeyword: Google
    CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\google\chrome\application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\google\chrome\application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\google\chrome\application\33.0.1750.154\pdf.dll ()
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\BibleTriviaTime_4l\bar\2.bin\NP4lStub.dll No File
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll No File
    CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
    CHR Extension: (Search) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
    CHR Extension: (Google Wallet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
    CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
    ==================== Services (Whitelisted) =================
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-18] (Advanced Micro Devices, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
    R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-07-17] (Realtek Semiconductor Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    S2 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-04-08 14:08 - 2014-04-08 14:08 - 00015871 _____ () C:\Users\chris\Desktop\FRST.txt
    2014-04-08 14:08 - 2014-04-08 14:08 - 00000000 ____D () C:\FRST
    2014-04-08 14:07 - 2014-04-08 14:07 - 02157056 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
    2014-04-08 14:03 - 2014-04-08 14:04 - 00009550 _____ () C:\Users\chris\Desktop\Result.txt
    2014-04-08 14:03 - 2014-04-08 14:03 - 00982016 _____ (Farbar) C:\Users\chris\Desktop\MiniToolBox.exe
    2014-04-08 13:28 - 2014-04-08 13:28 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33518F35-B299-4BCF-9983-821E556562DE}
    2014-04-08 13:25 - 2014-04-08 13:25 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-04-08 13:24 - 2014-04-08 13:24 - 00003814 _____ () C:\Windows\system32\.crusader
    2014-04-08 13:17 - 2014-04-08 13:17 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-08 13:16 - 2014-04-08 13:24 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-08 13:16 - 2014-04-08 13:16 - 10971424 _____ (SurfRight B.V.) C:\Users\chris\Downloads\HitmanPro_x64.exe
    2014-04-08 13:07 - 2014-04-08 13:07 - 00001474 _____ () C:\Users\chris\Desktop\JRT.txt
    2014-04-08 12:59 - 2014-04-08 12:59 - 00000000 ____D () C:\Windows\ERUNT
    2014-04-08 12:58 - 2014-04-08 12:58 - 01016261 _____ (Thisisu) C:\Users\chris\Downloads\JRT.exe
    2014-04-08 12:53 - 2014-04-08 12:53 - 00930952 _____ (CNET Download.com) C:\Users\chris\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
    2014-04-08 12:35 - 2014-04-08 13:44 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1048366436-103377142-1015860150-1002
    2014-04-08 12:32 - 2014-04-08 12:55 - 00000888 _____ () C:\Windows\PFRO.log
    2014-04-08 12:16 - 2014-04-08 13:45 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
    2014-04-08 12:16 - 2014-04-08 12:16 - 00000000 ____D () C:\Users\chris\AppData\Local\Skype
    2014-04-08 12:15 - 2014-04-08 12:15 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-04-08 12:15 - 2014-04-08 12:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-08 12:15 - 2014-04-08 12:15 - 00000000 ____D () C:\ProgramData\Skype
    2014-04-08 11:34 - 2014-04-08 11:34 - 00001224 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
    2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-04-08 10:42 - 2014-04-08 10:42 - 00000000 ____D () C:\Windows\system32\log
    2014-04-08 10:42 - 2014-04-08 09:07 - 00034304 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2014-04-08 10:34 - 2014-04-08 10:34 - 00001122 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-04-08 10:34 - 2014-04-08 10:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-04-08 10:19 - 2014-04-08 10:37 - 00689662 _____ () C:\Windows\WindowsUpdate.log
    2014-04-08 08:48 - 2014-01-19 03:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-04-08 08:42 - 2012-11-23 08:54 - 00196608 _____ () C:\Users\chris\AppData\Local\common_functions.dll
    2014-04-08 08:42 - 2012-06-26 06:59 - 00940544 _____ (Apache Software Foundation) C:\Users\chris\AppData\Local\log4cxx.dll
    2014-04-08 08:24 - 2014-04-08 12:54 - 00000000 ____D () C:\AdwCleaner
    2014-04-06 08:21 - 2014-04-06 08:21 - 00000000 ___RD () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-06 07:59 - 2014-04-06 07:59 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-04-06 07:59 - 2014-04-06 07:59 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-06 07:59 - 2014-04-06 07:59 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-05 17:00 - 2014-04-05 17:02 - 00941512 _____ (Piriform Ltd) C:\Users\chris\Downloads\ccsetup412.exe
    2014-04-05 15:39 - 2014-04-08 13:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-05 15:38 - 2014-04-05 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-04 20:24 - 2014-04-08 13:44 - 00000402 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_chris.job
    2014-04-04 20:24 - 2014-04-05 20:25 - 00002970 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_chris
    2014-04-04 20:24 - 2014-04-05 20:25 - 00000392 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_chris.job
    2014-04-04 20:24 - 2014-04-04 20:50 - 00000396 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_chris.job
    2014-04-04 20:24 - 2014-04-04 20:25 - 00002974 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_chris
    2014-04-04 20:24 - 2014-04-04 20:24 - 00003620 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_chris
    2014-04-04 20:24 - 2014-04-04 20:24 - 00002678 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_chris
    2014-03-23 13:44 - 2014-03-23 13:44 - 00000017 _____ () C:\Users\chris\AppData\Local\resmon.resmoncfg
    2014-03-23 13:20 - 2014-04-04 21:14 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
    2014-03-23 13:10 - 2014-03-23 13:10 - 00000045 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Yahoo!
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
    2014-03-23 12:56 - 2014-04-06 08:34 - 00102400 _____ () C:\Users\chris\AppData\Local\ChromeHitoryDB
    2014-03-23 12:51 - 2014-04-08 13:51 - 00000328 _____ () C:\Windows\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E}.job
    2014-03-23 12:51 - 2014-03-23 12:52 - 00003274 _____ () C:\Windows\System32\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E}
    2014-03-23 12:50 - 2014-03-23 12:50 - 00001171 _____ () C:\Users\Public\Desktop\KEYPLAYER media player.lnk
    2014-03-23 12:50 - 2014-03-23 12:50 - 00000000 ____D () C:\Program Files (x86)\Flash Update
    2014-03-23 12:50 - 2012-07-25 15:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
    2014-03-23 12:49 - 2014-03-23 12:49 - 00001244 _____ () C:\Users\chris\Desktop\Create Amazing Presentations.lnk
    2014-03-23 12:48 - 2014-04-08 12:27 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-03-23 12:36 - 2014-04-08 13:44 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1048366436-103377142-1015860150-1002
    2014-03-23 11:10 - 2014-03-23 11:10 - 00000000 ____D () C:\Program Files\Quiknowledge
    2014-03-23 11:07 - 2014-04-04 20:20 - 00004206 _____ () C:\Windows\System32\Tasks\ShopperPro
    2014-03-23 11:07 - 2014-04-04 20:20 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
    2014-03-23 11:07 - 2014-03-23 11:07 - 00004248 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333839333434313532312d232d783232575b5a34452d2a
    2014-03-23 11:07 - 2014-03-23 11:07 - 00003834 _____ () C:\Windows\System32\Tasks\Smp
    2014-03-23 11:07 - 2014-03-23 11:07 - 00003730 _____ () C:\Windows\System32\Tasks\SMupdate1
    2014-03-23 11:07 - 2014-03-23 11:07 - 00000000 ____D () C:\ProgramData\SearchModule
    2014-03-23 11:07 - 2014-03-23 11:07 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
    2014-03-23 11:06 - 2014-04-04 20:16 - 00003576 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
    2014-03-23 11:06 - 2014-03-23 11:06 - 00004396 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-23 10:39 - 2014-04-05 22:12 - 01171856 _____ (AnyProtect.com) C:\Users\chris\AppData\Local\AnyProtectScannerSetup.exe
    2014-03-23 10:07 - 2014-03-23 10:07 - 00000066 _____ () C:\Windows\GPlrLanc.dat
    2014-03-23 10:07 - 2014-03-23 10:07 - 00000000 ____D () C:\Users\chris\AppData\Local\pptaddin
    2014-03-23 10:06 - 2014-03-23 10:18 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Google
    2014-03-23 10:06 - 2014-03-23 10:06 - 00001244 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk
    2014-03-23 10:04 - 2014-03-23 10:04 - 00000000 ____D () C:\Program Files\Google
    2014-03-23 10:03 - 2014-03-23 10:04 - 00000000 ____D () C:\ProgramData\Google
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\Users\chris\AppData\Roaming\RealNetworks
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\ProgramData\RealNetworks
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
    2014-03-23 10:02 - 2014-03-23 10:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2014-03-23 10:01 - 2014-03-23 10:02 - 00000000 ____D () C:\Program Files (x86)\Real
    2014-03-23 10:00 - 2014-04-04 20:21 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Real
    2014-03-23 09:59 - 2014-04-08 13:44 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-23 09:59 - 2014-04-08 13:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-23 09:59 - 2014-04-06 07:53 - 00000000 ____D () C:\Users\chris\AppData\Local\Google
    2014-03-23 09:59 - 2014-04-05 17:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-23 09:59 - 2014-04-05 17:16 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-23 09:59 - 2014-03-23 10:04 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-23 09:57 - 2014-03-23 10:04 - 00000000 ____D () C:\ProgramData\Real
    2014-03-23 08:27 - 2014-03-23 08:29 - 00002856 _____ () C:\Users\chris\AppData\Roaming\aps.scan.results
    2014-03-23 08:27 - 2014-03-23 08:29 - 00001164 _____ () C:\Users\chris\AppData\Roaming\aps.scan.quick.results
    2014-03-23 08:27 - 2014-03-23 08:29 - 00000322 _____ () C:\Users\chris\AppData\Roaming\aps.uninstall.scan.results
    2014-03-23 08:26 - 2014-03-23 08:26 - 01172736 _____ (AnyProtect.com) C:\Users\chris\AppData\Local\nsu4DEE.tmp
    2014-03-22 17:41 - 2014-03-22 17:41 - 00000000 ____D () C:\Users\chris\AppData\Local\35a3b496-84a3-4573-79a7-409a5d41ef00
    2014-03-22 17:13 - 2014-03-22 17:13 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oberon Media
    2014-03-22 17:13 - 2014-03-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Oberon Media SIDR
    2014-03-22 17:08 - 2013-11-13 23:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
    2014-03-22 17:06 - 2014-03-22 17:13 - 00000000 ____D () C:\ProgramData\Oberon Media
    2014-03-22 17:05 - 2014-03-22 17:05 - 00003118 _____ () C:\Windows\System32\Tasks\ArcadeFrontier
    2014-03-21 17:56 - 2014-04-08 12:32 - 00325512 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-15 23:04 - 2014-03-04 18:52 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-15 23:04 - 2014-03-04 18:52 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-12 19:25 - 2014-02-23 04:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-12 19:25 - 2014-02-23 04:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-12 19:25 - 2014-02-23 04:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-03-12 19:25 - 2014-02-23 04:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-03-12 19:25 - 2014-02-23 04:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-12 19:25 - 2014-02-23 04:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-12 19:25 - 2014-02-23 04:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-12 19:25 - 2014-02-23 04:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-12 19:25 - 2014-02-23 02:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-12 19:25 - 2014-02-23 02:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-12 19:25 - 2014-02-23 02:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-12 19:25 - 2014-02-23 02:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-12 19:25 - 2014-02-23 02:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-12 19:25 - 2014-02-23 02:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-12 19:25 - 2014-02-23 00:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-03-12 19:25 - 2013-10-25 03:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2014-03-12 19:25 - 2013-10-24 18:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2014-03-12 19:24 - 2014-02-23 04:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-12 19:24 - 2014-02-23 04:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-12 19:24 - 2014-02-23 02:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-12 19:24 - 2014-02-23 02:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-12 19:24 - 2014-02-23 02:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-12 19:23 - 2014-02-08 00:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-12 19:23 - 2013-12-07 02:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-03-12 19:23 - 2013-12-07 01:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-03-12 19:22 - 2014-02-05 19:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-12 19:22 - 2014-02-05 19:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-12 19:22 - 2014-01-30 20:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-12 19:22 - 2014-01-30 20:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    ==================== One Month Modified Files and Folders =======
    2014-04-08 14:08 - 2014-04-08 14:08 - 00015871 _____ () C:\Users\chris\Desktop\FRST.txt
    2014-04-08 14:08 - 2014-04-08 14:08 - 00000000 ____D () C:\FRST
    2014-04-08 14:07 - 2014-04-08 14:07 - 02157056 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
    2014-04-08 14:04 - 2014-04-08 14:03 - 00009550 _____ () C:\Users\chris\Desktop\Result.txt
    2014-04-08 14:04 - 2013-10-29 18:04 - 00004988 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for livingroompc-chris livingroompc
    2014-04-08 14:03 - 2014-04-08 14:03 - 00982016 _____ (Farbar) C:\Users\chris\Desktop\MiniToolBox.exe
    2014-04-08 14:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-04-08 13:51 - 2014-03-23 12:51 - 00000328 _____ () C:\Windows\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E}.job
    2014-04-08 13:49 - 2013-07-02 21:55 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048366436-103377142-1015860150-1002
    2014-04-08 13:45 - 2014-04-08 12:16 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
    2014-04-08 13:44 - 2014-04-08 12:35 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1048366436-103377142-1015860150-1002
    2014-04-08 13:44 - 2014-04-04 20:24 - 00000402 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_chris.job
    2014-04-08 13:44 - 2014-03-23 12:36 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1048366436-103377142-1015860150-1002
    2014-04-08 13:44 - 2014-03-23 09:59 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-08 13:44 - 2013-07-30 09:32 - 00000000 ___RD () C:\Users\chris\SkyDrive
    2014-04-08 13:43 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-08 13:41 - 2014-04-05 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-08 13:29 - 2012-07-26 03:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-08 13:28 - 2014-04-08 13:28 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33518F35-B299-4BCF-9983-821E556562DE}
    2014-04-08 13:25 - 2014-04-08 13:25 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-04-08 13:24 - 2014-04-08 13:24 - 00003814 _____ () C:\Windows\system32\.crusader
    2014-04-08 13:24 - 2014-04-08 13:16 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-08 13:21 - 2014-03-23 09:59 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-08 13:17 - 2014-04-08 13:17 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-08 13:16 - 2014-04-08 13:16 - 10971424 _____ (SurfRight B.V.) C:\Users\chris\Downloads\HitmanPro_x64.exe
    2014-04-08 13:07 - 2014-04-08 13:07 - 00001474 _____ () C:\Users\chris\Desktop\JRT.txt
    2014-04-08 12:59 - 2014-04-08 12:59 - 00000000 ____D () C:\Windows\ERUNT
    2014-04-08 12:58 - 2014-04-08 12:58 - 01016261 _____ (Thisisu) C:\Users\chris\Downloads\JRT.exe
    2014-04-08 12:55 - 2014-04-08 12:32 - 00000888 _____ () C:\Windows\PFRO.log
    2014-04-08 12:55 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-04-08 12:54 - 2014-04-08 08:24 - 00000000 ____D () C:\AdwCleaner
    2014-04-08 12:53 - 2014-04-08 12:53 - 00930952 _____ (CNET Download.com) C:\Users\chris\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
    2014-04-08 12:32 - 2014-03-21 17:56 - 00325512 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-08 12:27 - 2014-03-23 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-04-08 12:16 - 2014-04-08 12:16 - 00000000 ____D () C:\Users\chris\AppData\Local\Skype
    2014-04-08 12:15 - 2014-04-08 12:15 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-04-08 12:15 - 2014-04-08 12:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-08 12:15 - 2014-04-08 12:15 - 00000000 ____D () C:\ProgramData\Skype
    2014-04-08 11:50 - 2013-07-16 15:57 - 00000000 ____D () C:\Users\chris\Documents\Youcam
    2014-04-08 11:34 - 2014-04-08 11:34 - 00001224 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
    2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-04-08 10:42 - 2014-04-08 10:42 - 00000000 ____D () C:\Windows\system32\log
    2014-04-08 10:37 - 2014-04-08 10:19 - 00689662 _____ () C:\Windows\WindowsUpdate.log
    2014-04-08 10:34 - 2014-04-08 10:34 - 00001122 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-04-08 10:34 - 2014-04-08 10:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2014-04-08 10:27 - 2013-07-02 21:47 - 00000000 ____D () C:\Users\chris\AppData\Local\Packages
    2014-04-08 10:27 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-04-08 09:07 - 2014-04-08 10:42 - 00034304 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2014-04-08 08:48 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-04-08 08:45 - 2013-02-25 13:17 - 00000000 ____D () C:\ProgramData\Norton
    2014-04-08 08:44 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2014-04-08 08:27 - 2012-11-30 21:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-04-06 08:34 - 2014-03-23 12:56 - 00102400 _____ () C:\Users\chris\AppData\Local\ChromeHitoryDB
    2014-04-06 08:32 - 2013-02-25 12:43 - 00000000 ____D () C:\Program Files (x86)\HP Games
    2014-04-06 08:31 - 2013-02-25 12:42 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2014-04-06 08:29 - 2013-07-02 22:11 - 00000000 ____D () C:\Users\chris\AppData\Roaming\WildTangent
    2014-04-06 08:29 - 2013-02-25 12:42 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-04-06 08:21 - 2014-04-06 08:21 - 00000000 ___RD () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-06 08:03 - 2012-08-03 19:21 - 00000000 ____D () C:\Windows\Panther
    2014-04-06 07:59 - 2014-04-06 07:59 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-04-06 07:59 - 2014-04-06 07:59 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-06 07:59 - 2014-04-06 07:59 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-06 07:53 - 2014-03-23 09:59 - 00000000 ____D () C:\Users\chris\AppData\Local\Google
    2014-04-06 07:39 - 2014-02-26 22:36 - 00000358 _____ () C:\Windows\Tasks\HPCeeScheduleForchris.job
    2014-04-05 22:12 - 2014-03-23 10:39 - 01171856 _____ (AnyProtect.com) C:\Users\chris\AppData\Local\AnyProtectScannerSetup.exe
    2014-04-05 20:25 - 2014-04-04 20:24 - 00002970 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_chris
    2014-04-05 20:25 - 2014-04-04 20:24 - 00000392 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_chris.job
    2014-04-05 19:41 - 2014-02-26 22:36 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForchris
    2014-04-05 19:41 - 2013-07-02 21:46 - 00000000 ____D () C:\Users\chris
    2014-04-05 17:16 - 2014-03-23 09:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-04-05 17:16 - 2014-03-23 09:59 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-04-05 17:02 - 2014-04-05 17:00 - 00941512 _____ (Piriform Ltd) C:\Users\chris\Downloads\ccsetup412.exe
    2014-04-05 16:42 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
    2014-04-05 15:38 - 2014-04-05 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-05 15:16 - 2013-07-24 13:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-04-05 15:16 - 2013-07-24 13:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-04-04 21:14 - 2014-03-23 13:20 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
    2014-04-04 21:08 - 2012-07-26 01:26 - 00000194 _____ () C:\Windows\win.ini
    2014-04-04 20:50 - 2014-04-04 20:24 - 00000396 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_chris.job
    2014-04-04 20:49 - 2013-08-15 17:13 - 00000000 ____D () C:\Users\chris\AppData\Local\NexGenMediaPlayer
    2014-04-04 20:25 - 2014-04-04 20:24 - 00002974 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_chris
    2014-04-04 20:24 - 2014-04-04 20:24 - 00003620 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_chris
    2014-04-04 20:24 - 2014-04-04 20:24 - 00002678 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_chris
    2014-04-04 20:21 - 2014-03-23 10:00 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Real
    2014-04-04 20:20 - 2014-03-23 11:07 - 00004206 _____ () C:\Windows\System32\Tasks\ShopperPro
    2014-04-04 20:20 - 2014-03-23 11:07 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
    2014-04-04 20:16 - 2014-03-23 11:06 - 00003576 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
    2014-03-23 13:44 - 2014-03-23 13:44 - 00000017 _____ () C:\Users\chris\AppData\Local\resmon.resmoncfg
    2014-03-23 13:10 - 2014-03-23 13:10 - 00000045 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Yahoo!
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
    2014-03-23 13:01 - 2014-03-23 13:01 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
    2014-03-23 13:01 - 2013-08-15 17:13 - 00000000 ____D () C:\ProgramData\Yahoo!
    2014-03-23 12:52 - 2014-03-23 12:51 - 00003274 _____ () C:\Windows\System32\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E}
    2014-03-23 12:50 - 2014-03-23 12:50 - 00001171 _____ () C:\Users\Public\Desktop\KEYPLAYER media player.lnk
    2014-03-23 12:50 - 2014-03-23 12:50 - 00000000 ____D () C:\Program Files (x86)\Flash Update
    2014-03-23 12:49 - 2014-03-23 12:49 - 00001244 _____ () C:\Users\chris\Desktop\Create Amazing Presentations.lnk
    2014-03-23 12:48 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-03-23 12:48 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-03-23 11:10 - 2014-03-23 11:10 - 00000000 ____D () C:\Program Files\Quiknowledge
    2014-03-23 11:07 - 2014-03-23 11:07 - 00004248 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333839333434313532312d232d783232575b5a34452d2a
    2014-03-23 11:07 - 2014-03-23 11:07 - 00003834 _____ () C:\Windows\System32\Tasks\Smp
    2014-03-23 11:07 - 2014-03-23 11:07 - 00003730 _____ () C:\Windows\System32\Tasks\SMupdate1
    2014-03-23 11:07 - 2014-03-23 11:07 - 00000000 ____D () C:\ProgramData\SearchModule
    2014-03-23 11:07 - 2014-03-23 11:07 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
    2014-03-23 11:07 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-03-23 11:06 - 2014-03-23 11:06 - 00004396 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-23 10:53 - 2013-07-30 09:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-03-23 10:47 - 2013-07-02 21:50 - 00000000 ____D () C:\Users\chris\AppData\Local\Hewlett-Packard
    2014-03-23 10:18 - 2014-03-23 10:06 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Google
    2014-03-23 10:07 - 2014-03-23 10:07 - 00000066 _____ () C:\Windows\GPlrLanc.dat
    2014-03-23 10:07 - 2014-03-23 10:07 - 00000000 ____D () C:\Users\chris\AppData\Local\pptaddin
    2014-03-23 10:06 - 2014-03-23 10:06 - 00001244 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk
    2014-03-23 10:04 - 2014-03-23 10:04 - 00000000 ____D () C:\Program Files\Google
    2014-03-23 10:04 - 2014-03-23 10:03 - 00000000 ____D () C:\ProgramData\Google
    2014-03-23 10:04 - 2014-03-23 09:59 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-23 10:04 - 2014-03-23 09:57 - 00000000 ____D () C:\ProgramData\Real
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\Users\chris\AppData\Roaming\RealNetworks
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\ProgramData\RealNetworks
    2014-03-23 10:03 - 2014-03-23 10:03 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
    2014-03-23 10:02 - 2014-03-23 10:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2014-03-23 10:02 - 2014-03-23 10:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2014-03-23 10:02 - 2014-03-23 10:01 - 00000000 ____D () C:\Program Files (x86)\Real
    2014-03-23 10:02 - 2013-02-25 13:05 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2014-03-23 10:02 - 2013-02-25 13:05 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2014-03-23 08:29 - 2014-03-23 08:27 - 00002856 _____ () C:\Users\chris\AppData\Roaming\aps.scan.results
    2014-03-23 08:29 - 2014-03-23 08:27 - 00001164 _____ () C:\Users\chris\AppData\Roaming\aps.scan.quick.results
    2014-03-23 08:29 - 2014-03-23 08:27 - 00000322 _____ () C:\Users\chris\AppData\Roaming\aps.uninstall.scan.results
    2014-03-23 08:26 - 2014-03-23 08:26 - 01172736 _____ (AnyProtect.com) C:\Users\chris\AppData\Local\nsu4DEE.tmp
    2014-03-22 17:41 - 2014-03-22 17:41 - 00000000 ____D () C:\Users\chris\AppData\Local\35a3b496-84a3-4573-79a7-409a5d41ef00
    2014-03-22 17:13 - 2014-03-22 17:13 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oberon Media
    2014-03-22 17:13 - 2014-03-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Oberon Media SIDR
    2014-03-22 17:13 - 2014-03-22 17:06 - 00000000 ____D () C:\ProgramData\Oberon Media
    2014-03-22 17:05 - 2014-03-22 17:05 - 00003118 _____ () C:\Windows\System32\Tasks\ArcadeFrontier
    2014-03-19 18:34 - 2013-08-03 01:29 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-19 18:29 - 2013-07-04 19:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-15 23:43 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
    2014-03-15 23:03 - 2014-02-07 20:47 - 00000384 _____ () C:\Windows\Tasks\HPCeeScheduleForLIVINGROOMPC$.job
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-03-15 22:58 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-03-12 19:49 - 2014-02-07 20:47 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLIVINGROOMPC$
    2014-03-12 19:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
    2014-03-12 19:17 - 2012-07-26 01:38 - 00000000 ____D () C:\Windows\system32\oobe
    Some content of TEMP:
    ====================
    C:\Users\chris\AppData\Local\Temp\Quarantine.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-04-06 08:39
    ==================== End Of Log ============================

    FRST Additional.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by chris at 2014-04-08 14:09:10
    Running from C:\Users\chris\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
    AMD Accelerated Video Transcoding (Version: 12.5.100.21018 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
    CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
    CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    emaze PowerPoint Add-In (HKCU\...\emaze PowerPoint Add-In) (Version: 1.1 - emaze.com)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
    HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{44613B7A-527C-4E89-91FC-E611FA62806A}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    L. Frank Baum's The Wonderful Wizard of Oz (HKLM-x32\...\119475617) (Version: - Oberon Media)
    LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
    NexGen Media Player - a modern video player (HKLM-x32\...\NexGen Media Player) (Version: 1.0 - Jenkat Media, Inc)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group) Hidden
    Search module (HKLM-x32\...\Search module) (Version: - Search Module)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
    VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
    Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    ==================== Restore Points =========================
    23-03-2014 16:57:56 RegClean Pro Sun, Mar 23, 14 09:57
    06-04-2014 12:05:15 Removed Bonjour
    08-04-2014 14:06:21 Windows Modules Installer
    ==================== Hosts content: ==========================
    2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {08E5A9D7-9DE2-4F0D-8151-D1ADC7983955} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
    Task: {0AD6BBDB-ED74-4870-BD53-6AA558FC1CDE} - \iWebar-enabler No Task File
    Task: {0B17D776-8C97-4855-8710-70C46720991D} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-01-16] ()
    Task: {114D0039-0B2F-4175-8813-A8118A8A014A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {20D31EA6-A399-4859-BFBD-18A53C92FF0D} - \iWebar-chromeinstaller No Task File
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {25823A96-3471-4705-A5D1-9D20921560BC} - \AmiUpdXp No Task File
    Task: {273B1A22-3DE6-45D6-8EAD-A972AB735B01} - \Plus-HD-9.3-codedownloader No Task File
    Task: {2DA83395-703C-4F2A-9963-2E9F132117CC} - \iWebar-updater No Task File
    Task: {34A1B16B-6095-4BB5-B68A-F0C9584011BE} - \SoftUpdateDaily No Task File
    Task: {3E921EAC-6FD3-4147-BE6E-773E00179C70} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
    Task: {45D78571-FB17-4D63-AAED-D57292544D79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {46BB9B9E-83B9-471A-9CED-6A71A02D2191} - \Information-firefoxinstaller No Task File
    Task: {48C72AC6-1C0A-4F9E-AF55-8625D33B82B0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
    Task: {4C950C74-60E2-477D-A5A7-4F57033A6C2F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
    Task: {4F7CEEE6-71D9-4D6A-83E2-FD15D21EDFE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
    Task: {504B4940-5782-4389-BAC6-6D93244D842E} - System32\Tasks\ReclaimerUpdateXML_chris => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-04] (RealNetworks, Inc.)
    Task: {55975F3B-7973-4F11-AD48-A7928315B4A9} - \Advanced System Protector No Task File
    Task: {6675C599-B821-4FDF-857C-D9DA925AB9A2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    Task: {6785AAFB-C18C-4164-AD5D-7D24D17FC7B2} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
    Task: {68C8B224-5285-48C1-A4E2-D2BB3172BC2F} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
    Task: {6F1796D9-9AAB-4971-BE6E-A7B9B2906AEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
    Task: {723E76E5-7617-41FF-9BE4-5CBD4A39CBCB} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
    Task: {723F3958-0A64-4FE7-B0C7-EF4A56FDCA97} - System32\Tasks\RNUpgradeHelperResumePrompt_chris => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-04] (RealNetworks, Inc.)
    Task: {7250D857-F320-455E-8DFE-3863628A156C} - System32\Tasks\SMW_UpdateTask_Time_333839333434313532312d232d783232575b5a34452d2a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
    Task: {79A29B27-30D1-448C-9335-72BA60F868E1} - \SoftUpdateLogon No Task File
    Task: {7DB2E590-37F3-4984-9167-ABA4666156CF} - \Information-updater No Task File
    Task: {820C4946-8E99-480B-945C-636377BE5009} - System32\Tasks\HPCeeScheduleForchris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {8649E87D-C2C9-462B-AC29-3F185571ABDC} - \Plus-HD-9.3-enabler No Task File
    Task: {8DA4F5B7-2566-442B-957C-7001A554AC03} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-24] (Synaptics Incorporated)
    Task: {90A890B6-989D-479C-95F6-7BFBB1C4D214} - System32\Tasks\HPCeeScheduleForLIVINGROOMPC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {946B6EDA-5E1A-48F2-99F1-8D266AD9F41E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
    Task: {97C3847A-9499-4A74-8101-B0638ECD4ED9} - \iWebar-codedownloader No Task File
    Task: {9B36068D-5E6D-4ED0-BEEF-F464ED4914E8} - \Information-enabler No Task File
    Task: {9E7B616C-A2D3-43A3-8F78-80A33A8C5E6D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1048366436-103377142-1015860150-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {9E9FE0C6-E242-4F72-ABEF-41A73880193A} - \Plus-HD-9.3-updater No Task File
    Task: {A6D67136-8DB5-45A2-9CB2-16455111FDC7} - System32\Tasks\ArcadeParlor => C:\Users\chris\AppData\Local\ArcadeParlor\versioncheck.exe
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {A906E0F0-F55F-4C14-9254-798999D82C24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
    Task: {B0DB86C5-E99D-4EBB-BD08-B09FC1096CE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {B3A6B0D2-D451-4570-BD4B-400BFB8273E5} - System32\Tasks\ReclaimerUpdateFiles_chris => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-04] (RealNetworks, Inc.)
    Task: {B402A12D-66F5-44C0-A020-FF976646D21C} - \Advanced System Protector_startup No Task File
    Task: {B8E0347F-62F4-4D7B-A902-E84AA01E7AFC} - \Plus-HD-9.3-chromeinstaller No Task File
    Task: {BD2B86CC-4A35-4CAD-8264-E10FE89A5334} - \Plus-HD-9.3-firefoxinstaller No Task File
    Task: {C075813D-4D62-44C5-A223-891682C948A8} - \iWebar-firefoxinstaller No Task File
    Task: {C1D2927B-834B-4791-85A0-5F456C194B64} - \MySearchDial No Task File
    Task: {C4F01362-ECEC-48FB-B636-3CC7D2147C47} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {CF56F5E1-43A4-4843-ABF5-D30687D8D51B} - System32\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E} => C:\Program Files\Keyplayer Classic\PrefHelper.exe
    Task: {D938DF9A-F504-45EB-B593-94D1444A9DA2} - System32\Tasks\RNUpgradeHelperLogonPrompt_chris => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-04] (RealNetworks, Inc.)
    Task: {DDD785BC-7FDF-4474-A894-00477545218B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
    Task: {E0AB8680-CE98-4A18-B0FB-CEA9EEEAAE5F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1048366436-103377142-1015860150-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E64F3B9C-8A93-49A4-8DC8-820D687251F3} - \Information-codedownloader No Task File
    Task: {E9E146A7-5A9F-48D3-B68C-A41A2C0B4785} - System32\Tasks\Microsoft Office 15 Sync Maintenance for livingroompc-chris livingroompc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-19] (Microsoft Corporation)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {EE3C596E-45DB-4AFE-A4AB-6B22D63676E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {F0A5B5E5-52B7-4B13-9685-60B2CE34C50E} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
    Task: {F7B4BD87-F47E-4DDD-9631-2B0976AD0DCC} - System32\Tasks\ArcadeFrontier => C:\Users\chris\AppData\Local\ArcadeFrontier\veragent.exe
    Task: {FCAB4337-A5EA-48C6-984E-D39622A85FF2} - \Information-chromeinstaller No Task File
    Task: {FCE53FD5-C5BF-49A2-A891-A919FEB5B1AC} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
    Task: {FEB05211-74C2-4865-8B30-2D7577DFD549} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: C:\Windows\Tasks\FF Watcher {3A0D6296-888B-46E2-8273-565CDD95644E}.job => C:\Program Files\Keyplayer Classic\PrefHelper.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForchris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForLIVINGROOMPC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\ReclaimerUpdateFiles_chris.job => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
    Task: C:\Windows\Tasks\ReclaimerUpdateXML_chris.job => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
    Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_chris.job => C:\Users\chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
    ==================== Loaded Modules (whitelisted) =============
    2012-10-18 11:28 - 2012-10-18 11:28 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-23 10:52 - 2013-10-31 20:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-07-30 09:19 - 2014-01-02 21:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2013-08-14 18:19 - 2013-08-14 18:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-01-14 18:59 - 2014-03-19 18:29 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-03-23 12:50 - 2014-03-16 21:11 - 00640000 _____ () C:\Program Files (x86)\Flash Update\winclient32.exe
    2012-10-12 21:22 - 2012-10-12 21:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-10-12 21:22 - 2012-10-12 21:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-10-12 21:22 - 2012-10-12 21:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2013-07-02 21:48 - 2013-07-02 21:48 - 00120224 _____ () C:\Users\chris\AppData\Local\assembly\dl3\05TG0WPH.7LB\3TEJYCPC.TGJ\82183fc5\00f33f28_e1a8cd01\HPItunesModule.DLL
    2014-03-04 04:39 - 2014-03-04 04:39 - 01014632 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll
    2013-11-13 22:26 - 2013-12-12 20:55 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2014-03-23 12:50 - 2014-03-15 01:25 - 00236544 _____ () C:\Program Files (x86)\Flash Update\sqlite3.dll
    2014-03-04 04:39 - 2014-03-04 04:39 - 00688488 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll
    ==================== Alternate Data Streams (whitelisted) =========
    AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
    AlternateDataStreams: C:\ProgramData\Temp:17C643E2
    AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
    ==================== Safe Mode (whitelisted) ===================
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    ==================== Disabled items from MSCONFIG ==============

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/08/2014 01:42:09 PM) (Source: Application Hang) (User: )
    Description: The program mbam.exe version 1.0.0.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 1118
    Start Time: 01cf5351b5588325
    Termination Time: 0
    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    Report Id: 1a4c79a9-bf45-11e3-be9b-7446a0895b3e
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (04/08/2014 01:15:11 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.16843, time stamp: 0x53096f36
    Faulting module name: smei64.dll, version: 0.0.0.0, time stamp: 0x53159130
    Exception code: 0xc0000005
    Fault offset: 0x0000000000020be8
    Faulting process id: 0x16e0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5
    Error: (04/08/2014 01:14:04 PM) (Source: Application Hang) (User: )
    Description: The program mbam.exe version 1.0.0.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 14dc
    Start Time: 01cf534da3a29e8a
    Termination Time: 16
    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    Report Id: 2af3e486-bf41-11e3-be99-7446a0895b3e
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (04/08/2014 01:43:57 PM) (Source: Service Control Manager) (User: )
    Description: The SPDRIVER_1.35.1.155 service failed to start due to the following error:
    %%3
    Error: (04/08/2014 01:34:10 PM) (Source: Service Control Manager) (User: )
    Description: The SPDRIVER_1.35.1.155 service failed to start due to the following error:
    %%3
    Error: (04/08/2014 01:25:33 PM) (Source: Service Control Manager) (User: )
    Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
    %%0
    Error: (04/08/2014 01:25:24 PM) (Source: Service Control Manager) (User: )
    Description: The SPDRIVER_1.35.1.155 service failed to start due to the following error:
    %%3
    Error: (04/08/2014 01:24:27 PM) (Source: Service Control Manager) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
    %%5
    Error: (04/08/2014 01:24:26 PM) (Source: Service Control Manager) (User: )
    Description: The KDUpdater service terminated unexpectedly. It has done this 1 time(s).

    Microsoft Office Sessions:
    =========================
    Error: (04/08/2014 01:42:09 PM) (Source: Application Hang)(User: )
    Description: mbam.exe1.0.0.500111801cf5351b55883250C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe1a4c79a9-bf45-11e3-be9b-7446a0895b3e
    Error: (04/08/2014 01:15:11 PM) (Source: Application Error)(User: )
    Description: iexplore.exe10.0.9200.1684353096f36smei64.dll0.0.0.053159130c00000050000000000020be816e001cf534df28d08c1C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll56f804d1-bf41-11e3-be99-7446a0895b3e
    Error: (04/08/2014 01:14:04 PM) (Source: Application Hang)(User: )
    Description: mbam.exe1.0.0.50014dc01cf534da3a29e8a16C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe2af3e486-bf41-11e3-be99-7446a0895b3e

    ==================== Memory info ===========================
    Percentage of memory in use: 41%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 2095.39 MB
    Total Pagefile: 5538.26 MB
    Available Pagefile: 3981.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:435.99 GB) (Free:394 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:29 GB) (Free:3.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 16A83E64)
    Partition: GPT Partition Type.
    ==================== End Of Log ============================
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tim,

    These are dated today!!
    I did say earlier.......
    You will only make matters worse if you continue to download programs.

    2014-04-08 12:53 - 2014-04-08 12:53 - 00930952 _____ (CNET Download.com) C:\Users\chris\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
    And please STAY AWAY from Cnet Download.com.... if you use their downloaders/installers your system will be crawling with Adware. (well, like it already is)
    I will give you direct download links for the programs we need.... not adware infested links.
    We need to know that the programs are clean.

    If you want my help you must be prepared to follow instructions.

    Please remove that copy of AdwCleaner and anything else that you have installed today.... with the exception of FRST.
    Also uninstall the following:
    Search module
    LPT System Updater Service


    When this is done:

    Step 1
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Step 2
    Download RogueKiller and save it to your desktop.
    • Close all running processes (security programs etc.)
    • Double click RogueKiller icon to run the program
      Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish.
    • Now click the Scan button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop.

    Note:
    If RogueKiller is blocked, do not hesitate to try running it again.
    If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

    In your next reply, please submit:
    JRT.txt
    AdwCleaner report
    RKreport.txt

    All reports are normally saved in the location that the program is run, so if you can't find them on the desktop..... try the download folder.


    Thanks.
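
The check made at the top of the post above (a file-listing entry dated the same day as the log, carrying a download-portal wrapper name) can be run over a whole listing. This is an added example, not part of the original post and not FRST's own code; the line layout and the `cbsidlm-` prefix are taken from the single entry quoted in the post, and the allow-list and the other sample lines are constructed assumptions.

```python
import ntpath
import re
from datetime import date, datetime

# Layout of the quoted entry: created - modified - size attrs (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)
WRAPPER_PREFIXES = ("cbsidlm-",)             # prefix seen in the quoted entry
WRAPPER_COMPANIES = ("cnet download.com",)   # company field of the quoted entry
ALLOWED = {"frst.exe", "frst64.exe"}         # assumption: the one tool to keep

SAMPLE = [
    # entry quoted in the post
    r"2014-04-08 12:53 - 2014-04-08 12:53 - 00930952 _____ (CNET Download.com) C:\Users\chris\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe",
    # constructed entries and a non-entry line
    r"2014-04-08 12:40 - 2014-04-08 12:41 - 02157056 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe",
    r"2014-03-01 09:10 - 2014-03-01 09:10 - 00012345 _____ () C:\Users\chris\Documents\notes.txt",
    "==================== End Of Log ============================",
]

def parse_line(line):
    """Return a dict for a file-listing entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["created"] = datetime.strptime(rec["created"], "%Y-%m-%d %H:%M")
    rec["name"] = ntpath.basename(rec["path"])  # Windows path, any host OS
    return rec

def review(lines, log_date):
    """List (file name, reasons) for entries worth removing before cleanup."""
    findings = []
    for rec in filter(None, map(parse_line, lines)):
        name, reasons = rec["name"].lower(), []
        if rec["created"].date() == log_date and name not in ALLOWED:
            reasons.append("created on log date")
        if name.startswith(WRAPPER_PREFIXES) or rec["company"].lower() in WRAPPER_COMPANIES:
            reasons.append("download-portal wrapper")
        if reasons:
            findings.append((rec["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in review(SAMPLE, date(2014, 4, 8)):
        print(f"{name}: {', '.join(reasons)}")
```
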
     
  7. timh1111

    Thanks Starbuck. I fixed it. The biggest issue was a "Search Module" under "search.net". I removed all traces of it and the Tuvaro link and all is well now. Thanks for the help :biggrin:
     
  8. starbuck

    Ok, thanks for letting me know.
     
