MBAM Crashes with Data Execution Protection Error in Vista


Scan completes normally, then I get a DEP crash in MBAM on my Vista system. Attached as requested are the logs from Farbar.

As requested I have blocked all entries for uTorrent and Azureus/Vuze in Windows Firewall.

I checked the "follow this topic" box on the right but I can't find the Immediate Email Notification anywhere. Where is it?

Looking forward to your assistance with this problem. Thanks.

FRST.txt

Addition.txt

Hello AZBeagle! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent, Vuze or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next, please generate new fresh log files.

Attached are fresh scans using Farbar Recovery Scan Tool. Please note that Avast Antivirus flags Farbar as suspicious and I had to disable all Avast Shields before I could download and run. Here are the results...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
Ran by Alan (administrator) on ALAN-DEN on 17-01-2015 17:23:07
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available profiles: Alan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Nalpeiron Ltd.) C:\Windows\System32\ASTSRV.EXE
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(BitTorrent Inc.) C:\Users\Alan\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 1999-12-31] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispSettingPage] 1
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MountPoints2: H - H:\launcher.exe
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MountPoints2: {426f6cb5-8146-11e4-b728-001aa05326a6} - Z:\setup.exe
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {5C4B6E32-DAC4-48E6-9B56-58452918A004} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299872&CUI=UN23674242972303617&UM=2
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.microsoft.com/download/A/C/4/AC43418A-8C86-4205-803E-249B637EE96B/pmupd806.exe
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} http://download.microsoft.com/download/C/3/0/C30CEB8E-483C-471A-B066-1E8B13AAD093/pmupd806.exe
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://amexweb.webex.com/client/T25L10NSP41EP13-amexweb/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3066DC4-25CB-42DB-B5E7-976C3A4C388B}: [NameServer] 4.2.2.2,4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\google-avast.xml
FF Extension: Yahoo! Toolbar - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}] - C:\Users\Alan\AppData\Local\{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-15]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-11-06]
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-26] (SUPERAntiSpyware.com) [File not signed]
S2 acdservice; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 astcc; C:\Windows\system32\astsrv.exe [57344 2010-09-28] (Nalpeiron Ltd.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S2 CiscoVpnInstallService; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-11-14] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1c9863f58c21da0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-23] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 modemcsa; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.)
S3 PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-08-13] (Copyright 2013 SAMSUNG)
S4 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S4 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [232960 2009-06-10] (NVIDIA Corporation) [File not signed]
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2008-08-18] (SupportSoft, Inc.)
S2 umpusbxp; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 1999-12-31] (Conexant Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [103360 2008-12-29] (SlySoft, Inc.)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [71184 2008-08-28] (Raxco Software, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [163616 2014-12-16] (Digiarty Software, Inc.)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [980992 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-01] (REALiX)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX86.sys [32624 2014-01-09] (GN Netcom A/S)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2008-07-22] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2007-11-09] (Padus, Inc.) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-06] (PowerISO Computing, Inc.) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-01-17] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2013-09-05] (Microsoft Corporation)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 1999-12-31] (Conexant Systems, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Alan\AppData\Local\Temp\ALSysIO.sys [X]
S3 cpuz134; \??\C:\Users\Alan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; No ImagePath
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
S3 TMPassthruMP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ssm_bus -> No Registry Path.
NETSVC: umpusbxp -> No Registry Path.
NETSVC: acdservice -> No Registry Path.
NETSVC: CiscoVpnInstallService -> No Registry Path.
NETSVC: modemcsa -> No Registry Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 17:23 - 2015-01-17 17:23 - 00026055 _____ () C:\Users\Alan\Desktop\FRST.txt
2015-01-17 17:22 - 2015-01-17 17:22 - 01117696 _____ (Farbar) C:\Users\Alan\Desktop\FRST.exe
2015-01-17 15:58 - 2015-01-17 15:59 - 37827624 _____ (Digiarty Software, Inc. ) C:\Users\Alan\Desktop\winx-dvd-ripper-pt.exe
2015-01-17 13:01 - 2015-01-17 13:01 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-17 13:00 - 1999-12-31 17:00 - 02888536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-17 13:00 - 1999-12-31 17:00 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 02328792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-17 13:00 - 1999-12-31 17:00 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00681905 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-17 13:00 - 1999-12-31 17:00 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00124632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00331544 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-16 14:00 - 2015-01-16 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 10:20 - 2015-01-17 17:23 - 00000000 ____D () C:\FRST
2015-01-14 08:17 - 2014-12-18 17:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:09 - 2014-12-05 20:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-10 16:49 - 2015-01-10 16:49 - 00000000 __SHD () C:\found.001
2015-01-10 16:25 - 2015-01-10 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 16:25 - 2015-01-10 16:25 - 00000000 _____ () C:\Windows\setupact.log
2015-01-10 16:20 - 2015-01-17 12:52 - 00007526 _____ () C:\Windows\PFRO.log
2015-01-10 16:20 - 2015-01-10 16:20 - 00590976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 07:19 - 2015-01-06 14:58 - 00157096 _____ () C:\Users\Alan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-01 09:02 - 2015-01-01 09:02 - 00012206 _____ () C:\Users\Alan\Documents\Investment Results.xlsx
2015-01-01 08:18 - 2015-01-01 08:18 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-01 08:16 - 2015-01-01 08:16 - 00023840 _____ (REALiX) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-12-24 14:45 - 2014-12-24 14:45 - 00880784 _____ (Google Inc.) C:\Users\Alan\Downloads\GoogleEarthPluginSetup.exe
2014-12-23 07:46 - 2014-10-30 03:44 - 00152952 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 17:21 - 2013-01-31 12:46 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\uTorrent
2015-01-17 17:20 - 2007-10-29 15:12 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job
2015-01-17 17:15 - 2010-09-18 11:07 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\vlc
2015-01-17 17:13 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 17:13 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 17:05 - 2013-10-18 11:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 16:30 - 2008-01-20 18:35 - 01853815 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 16:09 - 2012-12-07 16:15 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\dvdcss
2015-01-17 16:00 - 2014-09-24 14:33 - 00001085 _____ () C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2015-01-17 15:05 - 2013-07-19 15:23 - 00000406 _____ () C:\Windows\Tasks\Incremental Image xml.job
2015-01-17 13:20 - 2013-06-30 11:21 - 00002415 _____ () C:\Users\Alan\Desktop\Reflect.lnk
2015-01-17 13:15 - 2014-06-16 18:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 13:15 - 2012-01-05 16:49 - 00000000 ____D () C:\Users\Alan\Documents\My Faxes
2015-01-17 13:14 - 2013-10-18 11:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 13:13 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 13:04 - 2006-11-02 06:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-17 13:03 - 2009-01-31 18:32 - 00000000 ___HD () C:\Program Files\Temp
2015-01-17 13:00 - 2009-01-31 19:48 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-01-17 12:43 - 2013-07-05 11:28 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-01-17 12:43 - 2013-07-05 11:27 - 00002285 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk
2015-01-17 08:02 - 2013-10-17 07:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 23:19 - 2012-04-09 09:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-16 23:19 - 2011-05-19 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-16 15:38 - 2012-05-08 12:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 15:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Provisioning
2015-01-16 15:30 - 2012-04-29 08:36 - 00000000 ____D () C:\Users\Alan\AppData\Local\CrashDumps
2015-01-16 14:32 - 2012-01-05 15:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-15 16:46 - 2009-08-21 18:20 - 00185344 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 11:22 - 2009-02-09 19:12 - 00000000 ____D () C:\Users\Alan\Unzipped
2015-01-15 11:09 - 2007-11-09 11:20 - 00000000 ____D () C:\Users\Alan\Temp
2015-01-14 17:24 - 2014-08-31 07:53 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Azureus
2015-01-14 15:29 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:17 - 2013-08-13 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:10 - 2006-11-02 03:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 17:04 - 2012-12-21 12:00 - 00013256 _____ () C:\Users\Alan\Documents\Visa - Reported Not Paid.xlsx
2015-01-13 11:10 - 2012-01-18 08:58 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-12 20:12 - 2013-07-19 15:24 - 00000396 _____ () C:\Windows\Tasks\Full Image xml.job
2015-01-11 17:53 - 2009-01-19 11:11 - 00000000 ____D () C:\Users\Alan\Documents\Reflect
2015-01-10 16:47 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-10 16:39 - 2014-02-14 11:35 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-06 04:36 - 2009-10-02 09:45 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 15:00 - 2014-07-06 11:33 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Spotify
2015-01-05 15:00 - 2010-01-08 07:32 - 00000000 ____D () C:\Users\Alan\Documents\Freecorder 4
2015-01-04 04:00 - 2013-07-05 12:16 - 00000438 _____ () C:\Windows\Tasks\SlimDrivers Scan.job
2015-01-01 12:09 - 2013-03-12 10:15 - 00000000 ____D () C:\ProgramData\VSO
2015-01-01 08:18 - 2013-06-14 18:42 - 00000000 ____D () C:\Program Files\IObit
2015-01-01 08:16 - 2013-06-14 18:43 - 00000000 ____D () C:\ProgramData\IObit
2015-01-01 08:16 - 2011-02-05 08:12 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\IObit
2014-12-22 16:39 - 2013-05-30 11:21 - 00001595 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-12-22 16:39 - 2013-05-30 11:21 - 00000000 ____D () C:\Program Files\Vuze
2014-12-22 13:09 - 2014-07-06 11:34 - 00000000 ____D () C:\Users\Alan\AppData\Local\Spotify

==================== Files in the root of some directories =======
2009-04-12 10:46 - 2010-02-22 11:04 - 0000388 _____ () C:\Users\Alan\AppData\Roaming\burnaware.ini
2012-04-15 13:23 - 2012-04-15 13:23 - 0000000 _____ () C:\Users\Alan\AppData\Roaming\cLxxK.txt
2011-04-16 08:15 - 2014-12-01 12:15 - 0038435 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR
2007-12-29 09:01 - 2008-09-24 05:28 - 0672813 _____ () C:\Users\Alan\AppData\Roaming\datasafeupdate.msi
2010-01-22 09:00 - 2010-04-15 10:55 - 0001013 _____ () C:\Users\Alan\AppData\Roaming\DVDSubEdit.ini
2007-10-17 16:36 - 2014-09-24 14:40 - 0087608 _____ () C:\Users\Alan\AppData\Roaming\inst.exe
2007-10-17 16:36 - 2014-09-24 14:40 - 0007887 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.cat
2007-10-17 16:36 - 2014-09-24 14:40 - 0001144 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.inf
2007-10-17 16:36 - 2014-09-24 14:40 - 0000055 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.log
2007-10-17 16:36 - 2014-09-24 14:40 - 0047360 _____ (VSO Software) C:\Users\Alan\AppData\Roaming\pcouffin.sys
2013-06-29 12:31 - 2013-06-29 12:31 - 0022408 _____ () C:\Users\Alan\AppData\Roaming\UserTile.png
2008-03-19 17:55 - 2014-04-05 14:59 - 0001189 _____ () C:\Users\Alan\AppData\Roaming\vso_ts_preview.xml
2013-12-09 12:40 - 2013-12-09 12:40 - 0001456 _____ () C:\Users\Alan\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-05-24 11:12 - 2013-05-24 11:12 - 64330619 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload
2013-05-24 11:12 - 2013-05-24 11:12 - 0000914 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
2010-01-25 07:54 - 2010-01-25 07:54 - 0000120 _____ () C:\Users\Alan\AppData\Local\Bnihodivodukeq.dat
2009-08-21 18:20 - 2015-01-15 16:46 - 0185344 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-19 11:08 - 2010-08-19 11:08 - 0000092 _____ () C:\Users\Alan\AppData\Local\fusioncache.dat
2010-05-01 08:07 - 2010-05-01 08:07 - 0000036 _____ () C:\Users\Alan\AppData\Local\housecall.guid.cache
2009-08-21 18:09 - 2012-01-05 16:52 - 0047036 _____ () C:\ProgramData\hpzinstall.log
2011-12-28 17:42 - 2012-04-28 14:54 - 0000296 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-11-14 11:53 - 2014-03-30 10:55 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\reflectPatch.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-17 13:22

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2015 01
Ran by Alan at 2015-01-17 17:23:45
Running from C:\Users\Alan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Across Lite 2.0 (HKLM\...\Across Lite 2.0) (Version: 2.0 - Literate Software Systems)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Adobe Acrobat Connect Add-in) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
AMDAway INF (HKLM\...\AMDAway INF) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any DVD Cloner Platinum 1.3.1 (HKLM\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
Application Verifier (HKLM\...\{E72400F4-A41E-4019-9143-051BE2951C00}) (Version: 4.0.917 - Microsoft Corporation)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Avidemux 2.4 (HKLM\...\Avidemux 2.4) (Version: 2.4.3.4276 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Crossword Solver (HKLM\...\Crossword Solver) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.3 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.8.2 - )
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9 - Gteko Ltd.) Hidden
Dropbox (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Freecorder 5 (HKLM\...\Freecorder5.07) (Version: 5.07 - Applian Technologies Inc.)
Freecorder Toolbar (HKLM\...\freecordertoolbar) (Version: 5.0.0.0 - ) <==== ATTENTION
Freemake Video Converter version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
FreeRIP MP3 Converter 4.4.1 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.4.1 - GreenTree Applications SRL)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
GML Matting 0.3 (HKLM\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Earth (HKLM\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Arizona 2012 (HKLM\...\{23ADF1CF-4578-4BEC-AF07-FFEC8EA17C9C}) (Version: 1.12.4601 - HRB Technology, LLC.)
H&R Block Arizona 2013 (HKLM\...\{E9772A9E-A62D-4935-938A-770CBDB30E2A}) (Version: 1.13.4901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
HARDiNFO 7 (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\HARDiNFO 7) (Version: 7.0 - Ultimate Systems)
HARDiNFO 7 (Version: 7.0 - Ultimate Systems) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
honestech VHS to DVD 5.0 Deluxe (HKLM\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
honestech VHS to DVD 5.0 Deluxe (Version: 5.0 - honestech) Hidden
Hoyle Card Games (HKLM\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HRBlockDirect version 1.1.1.0 (HKLM\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.1.0 - HRBlock)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kruptos 2 (HKLM\...\{A2273570-B532-4F8D-892E-14999C591E25}) (Version: 3.0.14 - Kruptos)
Leisure Suit Larry Reloaded (HKLM\...\Leisure Suit Larry Reloaded_is1) (Version:  - )
Logitech Harmony Remote Software (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Standard Edition (Version: 5.3.7100 - Paramount Software (UK) Ltd.) Hidden
Magic File Renamer 6.12 Professional Edition (HKLM\...\{2F09F8D0-797D-4F98-9638-4BE6B83A8E26}) (Version: 1.0.6 - FineBytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mask Pro 4.1 (HKLM\...\{2DFAC810-6DD8-4E23-96A4-BEB118408203}) (Version: 4.1.1 - onOne Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MyFreeCodec) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.8618 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
onOne Photo Essentials 3.0.3 (HKLM\...\{6220E72E-67BD-4E7A-B0FB-2DF318251891}) (Version: 3.0.3 - onOne Software)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.2.5 - EXP Systems LLC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
PerfectDisk 2008 Professional (HKLM\...\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}) (Version: 9.0.76 - Raxco Software Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickConnect (HKLM\...\{4998FF95-709A-430A-B104-92A009ABB848}) (Version: 3.2 - Qwest)
QuickConnect (Version: 3.2 - Qwest) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest Quickcare 2.5 (HKLM\...\QwestQuickCare_is1) (Version: 2.5.0808.2123 - Qwest)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RoboForm 7-9-9-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Link 2.0.0.1408131423 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1408131423 - Copyright 2013 SAMSUNG)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SlimDrivers (HKLM\...\{E1D00057-82F0-4EA1-91C2-270682EB9C98}) (Version: 2.2.30423 - SlimWare Utilities, Inc.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sokoban++ (HKLM\...\SokobanPP) (Version:  - )
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spotify (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StampManage 2014 (HKLM\...\StampManage_2014) (Version: 2014 - Liberty Street Software)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
The Complete Genealogy Builder (HKLM\...\The Complete Genealogy Builder_is1) (Version: Version 2013 - Nigel Bufton Software)
The Complete Genealogy Reporter (HKLM\...\The Complete Genealogy Reporter_is1) (Version: Version 2013 - Nigel Bufton Software)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Topaz Adjust 3 (HKLM\...\{5E684419-44E3-46EE-A43C-A60082CBF4EC}) (Version: 3.0.9 - Topaz Labs)
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB2.0 VIDBOX NW03  (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.2 - honestech)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Widevine Media Transformer Plugin 5.0.0 (HKLM\...\transformer_ie) (Version: 5.0.0.4679 - Widevine Technologies)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinX DVD Copy Pro 3.6.3 (HKLM\...\WinX DVD Copy Pro_is1) (Version:  - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 7.5.11 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 00:00:01 Scheduled Checkpoint
16-01-2015 09:57:42 Windows Update
17-01-2015 00:09:38 Scheduled Checkpoint
17-01-2015 12:44:12 SlimDrivers Installing Drivers
17-01-2015 13:01:07 Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2013-05-23 12:27 - 00425605 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0547C571-F2A8-4634-8356-8FCF0A190FD9} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {0B3AD143-CDDD-4931-A591-469D1A64CD95} - \SDMsgUpdate (TE) No Task File <==== ATTENTION
Task: {14B611C7-CC60-4822-91D2-87CEA3610C43} - System32\Tasks\4561 => Wscript.exe C:\Users\Alan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2F4CED85-1D4B-40AD-956A-238B19200317} - System32\Tasks\Full Image xml => c:\program files\macrium\reflect\reflect.exe [2014-12-23] (Paramount Software UK Ltd)
Task: {44677DCD-0823-49AF-8F32-FEEC74C1CD1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {69B639D2-5CCB-4C43-BD8B-1349F6FF5357} - System32\Tasks\AdobeAAMUpdater-1.0-Alan-Den-Alan => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {74F056AA-7AB9-4C6D-ACA3-94DF770FF49D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {8ACDE9EA-B5A5-4CD8-A654-889E75A9EB17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {95820819-794A-4ACA-A91C-3D8B558653D9} - System32\Tasks\SlimDrivers Scan => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-06-21] (SlimWare Utilities, Inc.)
Task: {B476798D-0138-49EA-A030-89ECF78BCA36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {BBEF4D0E-043F-41A4-B532-FC3B83A4367C} - System32\Tasks\Incremental Image xml => c:\program files\macrium\reflect\reflect.exe [2014-12-23] (Paramount Software UK Ltd)
Task: {C2C2B45A-DDDD-4C1C-B80E-40E0A96ACBED} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DA77DC6E-3286-405F-A5B5-ACDC7062E02E} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-23] (IObit)
Task: {E5F420DA-0B86-4F5A-AEC7-C72D7B34E5B9} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe
Task: {ED468BE6-6B0E-4473-833D-7E58927CC1FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-25] (AVAST Software)
Task: {F4010C8B-1578-4F7B-AA10-BBD199D895EF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Alan => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Full Image xml.job => c:\program files\macrium\reflect\reflect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Incremental Image xml.job => c:\program files\macrium\reflect\reflect.exe
Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2015-01-17 12:49 - 2015-01-17 12:49 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011701\algo.dll
2007-07-01 10:50 - 2007-07-01 10:50 - 00064976 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2008-01-29 18:33 - 2011-03-14 10:42 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2009-09-26 10:52 - 2009-09-10 04:40 - 00027392 _____ () C:\Windows\System32\solidlocalmon.dll
2009-08-24 17:20 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2013-10-30 11:35 - 2014-11-25 19:42 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows\$NtUninstallKB19945$:SummaryInformation
AlternateDataStreams: C:\Users\Alan\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
AlternateDataStreams: C:\Users\Alan\Documents\Aero.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\Backscratcher.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\Bill1.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\hyundai.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\RR.wmv:Roxio EMC Stream
AlternateDataStreams: C:\ProgramData\TEMP:1E942FB9
AlternateDataStreams: C:\ProgramData\TEMP:2747A4D7
AlternateDataStreams: C:\ProgramData\TEMP:50B5C124
AlternateDataStreams: C:\ProgramData\TEMP:7638A5DA
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeActiveFileMonitor6.0 => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Amazon Download Agent => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aswUpdSv => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate1c9863f58c21da0 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PD91Engine => 2
MSCONFIG\Services: ReflectService => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\Services: RUBotted => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SPDFToolsReadSpool => 2
MSCONFIG\Services: sprtlisten => 2
MSCONFIG\Services: sprtsvc_dellsupportcenter => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SupportSoft RemoteAssist => 2
MSCONFIG\Services: Symantec RemoteAssist => 3
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk => C:\Windows\pss\Register Mask Pro 3.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1419110213
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Alan\AppData\Local\Apps\2.0\Y7ZPDBZB.CAJ\C21PTZ0C.DMV\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe -update activex
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TMRUBottedTray =>
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: uTorrent => "C:\Users\Alan\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4265388098-4104772770-3007106771-500 - Administrator - Disabled)
Alan (S-1-5-21-4265388098-4104772770-3007106771-1000 - Administrator - Enabled) => C:\Users\Alan
ASPNET (S-1-5-21-4265388098-4104772770-3007106771-1004 - Limited - Enabled)
Guest (S-1-5-21-4265388098-4104772770-3007106771-501 - Limited - Enabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 00:47:10 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALAN\APPDATA\LOCAL\SLIMWARE UTILITIES INC\SLIMDRIVERS\SETTINGS.DB-JOURNAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/17/2015 00:44:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {950b9742-187e-4d24-b8d1-08239845bf78}

Error: (01/16/2015 11:19:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16599 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1dc0
Start Time: 01d0321cf3053430
Termination Time: 7

Error: (01/16/2015 03:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x5210, application start time 0xmbam.exe0.

Error: (01/16/2015 02:28:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0xc000001d, fault offset 0x0007676f,
process id 0x5210, application start time 0xmbam.exe0.

Error: (01/16/2015 02:28:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module mbam.dll, version 1.0.16.0, time stamp 0x53f38fd3, exception code 0xc0000005, fault offset 0x0004a3fe,
process id 0x5210, application start time 0xmbam.exe0.

Error: (01/16/2015 02:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module WINTRUST.dll, version 6.0.6002.18881, time stamp 0x51da3e4a, exception code 0xc0000096, fault offset 0x00026f76,
process id 0x5da0, application start time 0xmbam.exe0.

Error: (01/16/2015 02:23:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x206f7420,
process id 0x5da0, application start time 0xmbam.exe0.

Error: (01/15/2015 04:49:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x64206ea8,
process id 0xa18, application start time 0xmbam.exe0.

Error: (01/15/2015 04:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x4544434f,
process id 0xa18, application start time 0xmbam.exe0.

System errors:
=============
Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
SASKUTIL

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Nmap%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SE2Emdm%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Vcomm%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Mr7910%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/17/2015 01:04:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (01/17/2015 00:56:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1

Error: (01/17/2015 00:55:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
SASKUTIL

Error: (01/17/2015 00:55:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Nmap%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-17 17:23:18.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 17:23:17.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 17:23:17.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 17:23:17.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 13:14:58.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 13:14:58.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 13:14:57.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 13:14:57.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 12:56:13.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-16 15:41:12.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 53%
Total physical RAM: 3517.57 MB
Available physical RAM: 1640.7 MB
Total Pagefile: 7253.97 MB
Available Pagefile: 5400.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:187.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Fantom) (Fixed) (Total:465.76 GB) (Free:209.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 007B399B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 000098EC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Sorry about that. I had disabled uTorrent in my firewall but had not uninstalled it. It has been uninstalled now. I ran new Farbar scans - Avast is still flagging Farbar Recovery Scan Tool as a virus (Win32:Evo-Gen), so I had to run the scans with no shields again. Here are the results. Look forward to your reply...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Alan (administrator) on ALAN-DEN on 19-01-2015 09:21:23
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available profiles: Alan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Nalpeiron Ltd.) C:\Windows\System32\ASTSRV.EXE
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 1999-12-31] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe [959152 2014-12-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispSettingPage] 1
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MountPoints2: H - H:\launcher.exe
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MountPoints2: {426f6cb5-8146-11e4-b728-001aa05326a6} - Z:\setup.exe
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {5C4B6E32-DAC4-48E6-9B56-58452918A004} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299872&CUI=UN23674242972303617&UM=2
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.microsoft.com/download/A/C/4/AC43418A-8C86-4205-803E-249B637EE96B/pmupd806.exe
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} http://download.microsoft.com/download/C/3/0/C30CEB8E-483C-471A-B066-1E8B13AAD093/pmupd806.exe
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://amexweb.webex.com/client/T25L10NSP41EP13-amexweb/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3066DC4-25CB-42DB-B5E7-976C3A4C388B}: [NameServer] 4.2.2.2,4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\google-avast.xml
FF Extension: Yahoo! Toolbar - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}] - C:\Users\Alan\AppData\Local\{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-15]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-11-06]
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-26] (SUPERAntiSpyware.com) [File not signed]
S2 acdservice; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 astcc; C:\Windows\system32\astsrv.exe [57344 2010-09-28] (Nalpeiron Ltd.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S2 CiscoVpnInstallService; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-11-14] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1c9863f58c21da0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-23] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 modemcsa; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.)
S3 PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-08-13] (Copyright 2013 SAMSUNG)
S4 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S4 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [232960 2009-06-10] (NVIDIA Corporation) [File not signed]
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2008-08-18] (SupportSoft, Inc.)
S2 umpusbxp; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 1999-12-31] (Conexant Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [103360 2008-12-29] (SlySoft, Inc.)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [71184 2008-08-28] (Raxco Software, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [163616 2014-12-16] (Digiarty Software, Inc.)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [980992 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-01] (REALiX)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX86.sys [32624 2014-01-09] (GN Netcom A/S)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2008-07-22] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2007-11-09] (Padus, Inc.) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-06] (PowerISO Computing, Inc.) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-01-17] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2013-09-05] (Microsoft Corporation)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 1999-12-31] (Conexant Systems, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Alan\AppData\Local\Temp\ALSysIO.sys [X]
S3 cpuz134; \??\C:\Users\Alan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; No ImagePath
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
S3 TMPassthruMP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ssm_bus -> No Registry Path.
NETSVC: umpusbxp -> No Registry Path.
NETSVC: acdservice -> No Registry Path.
NETSVC: CiscoVpnInstallService -> No Registry Path.
NETSVC: modemcsa -> No Registry Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:21 - 2015-01-19 09:21 - 00025810 _____ () C:\Users\Alan\Desktop\FRST.txt
2015-01-19 09:21 - 2015-01-19 09:21 - 00000000 ____D () C:\Users\Alan\Desktop\FRST-OlderVersion
2015-01-18 17:20 - 2015-01-18 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-18 17:20 - 2015-01-18 17:20 - 00001784 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-18 17:19 - 2015-01-18 17:20 - 00000000 ____D () C:\Program Files\HRBlock2014
2015-01-17 17:22 - 2015-01-19 09:21 - 01118208 _____ (Farbar) C:\Users\Alan\Desktop\FRST.exe
2015-01-17 13:01 - 2015-01-17 13:01 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-17 13:00 - 1999-12-31 17:00 - 02888536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-17 13:00 - 1999-12-31 17:00 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 02328792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-17 13:00 - 1999-12-31 17:00 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00681905 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-17 13:00 - 1999-12-31 17:00 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00124632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00331544 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-16 14:00 - 2015-01-16 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 10:20 - 2015-01-19 09:21 - 00000000 ____D () C:\FRST
2015-01-14 08:17 - 2014-12-18 17:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:09 - 2014-12-05 20:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-10 16:49 - 2015-01-10 16:49 - 00000000 __SHD () C:\found.001
2015-01-10 16:25 - 2015-01-10 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 16:25 - 2015-01-10 16:25 - 00000000 _____ () C:\Windows\setupact.log
2015-01-10 16:20 - 2015-01-17 12:52 - 00007526 _____ () C:\Windows\PFRO.log
2015-01-10 16:20 - 2015-01-10 16:20 - 00590976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 07:19 - 2015-01-18 17:32 - 00157744 _____ () C:\Users\Alan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-01 09:02 - 2015-01-01 09:02 - 00012206 _____ () C:\Users\Alan\Documents\Investment Results.xlsx
2015-01-01 08:18 - 2015-01-01 08:18 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-01 08:16 - 2015-01-01 08:16 - 00023840 _____ (REALiX) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-12-24 14:45 - 2014-12-24 14:45 - 00880784 _____ (Google Inc.) C:\Users\Alan\Downloads\GoogleEarthPluginSetup.exe
2014-12-23 07:46 - 2014-10-30 03:44 - 00152952 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:20 - 2007-10-29 15:12 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job
2015-01-19 09:13 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:13 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:05 - 2013-10-18 11:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 08:41 - 2012-04-29 08:36 - 00000000 ____D () C:\Users\Alan\AppData\Local\CrashDumps
2015-01-19 08:32 - 2014-06-16 18:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 23:35 - 2008-01-20 18:35 - 01870533 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 20:05 - 2013-10-18 11:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 17:29 - 2012-01-05 16:49 - 00000000 ____D () C:\Users\Alan\Documents\My Faxes
2015-01-18 17:21 - 2008-01-29 18:32 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\TaxCut
2015-01-18 17:06 - 2008-01-29 18:27 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-18 15:05 - 2013-07-19 15:23 - 00000406 _____ () C:\Windows\Tasks\Incremental Image xml.job
2015-01-18 14:37 - 2010-09-18 11:07 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\vlc
2015-01-17 16:09 - 2012-12-07 16:15 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\dvdcss
2015-01-17 16:00 - 2014-09-24 14:33 - 00001085 _____ () C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2015-01-17 13:20 - 2013-06-30 11:21 - 00002415 _____ () C:\Users\Alan\Desktop\Reflect.lnk
2015-01-17 13:13 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 13:04 - 2006-11-02 06:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-17 13:03 - 2009-01-31 18:32 - 00000000 ___HD () C:\Program Files\Temp
2015-01-17 13:00 - 2009-01-31 19:48 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-01-17 12:43 - 2013-07-05 11:28 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-01-17 12:43 - 2013-07-05 11:27 - 00002285 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk
2015-01-17 08:02 - 2013-10-17 07:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 23:19 - 2012-04-09 09:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-16 23:19 - 2011-05-19 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-16 15:38 - 2012-05-08 12:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 15:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Provisioning
2015-01-16 14:32 - 2012-01-05 15:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-15 16:46 - 2009-08-21 18:20 - 00185344 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 11:22 - 2009-02-09 19:12 - 00000000 ____D () C:\Users\Alan\Unzipped
2015-01-15 11:09 - 2007-11-09 11:20 - 00000000 ____D () C:\Users\Alan\Temp
2015-01-14 15:29 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:17 - 2013-08-13 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:10 - 2006-11-02 03:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 17:04 - 2012-12-21 12:00 - 00013256 _____ () C:\Users\Alan\Documents\Visa - Reported Not Paid.xlsx
2015-01-13 11:10 - 2012-01-18 08:58 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-12 20:12 - 2013-07-19 15:24 - 00000396 _____ () C:\Windows\Tasks\Full Image xml.job
2015-01-11 17:53 - 2009-01-19 11:11 - 00000000 ____D () C:\Users\Alan\Documents\Reflect
2015-01-10 16:47 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-10 16:39 - 2014-02-14 11:35 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-06 04:36 - 2009-10-02 09:45 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 15:00 - 2014-07-06 11:33 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Spotify
2015-01-05 15:00 - 2010-01-08 07:32 - 00000000 ____D () C:\Users\Alan\Documents\Freecorder 4
2015-01-04 04:00 - 2013-07-05 12:16 - 00000438 _____ () C:\Windows\Tasks\SlimDrivers Scan.job
2015-01-01 12:09 - 2013-03-12 10:15 - 00000000 ____D () C:\ProgramData\VSO
2015-01-01 08:18 - 2013-06-14 18:42 - 00000000 ____D () C:\Program Files\IObit
2015-01-01 08:16 - 2013-06-14 18:43 - 00000000 ____D () C:\ProgramData\IObit
2015-01-01 08:16 - 2011-02-05 08:12 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\IObit
2014-12-22 13:09 - 2014-07-06 11:34 - 00000000 ____D () C:\Users\Alan\AppData\Local\Spotify

==================== Files in the root of some directories =======
2009-04-12 10:46 - 2010-02-22 11:04 - 0000388 _____ () C:\Users\Alan\AppData\Roaming\burnaware.ini
2012-04-15 13:23 - 2012-04-15 13:23 - 0000000 _____ () C:\Users\Alan\AppData\Roaming\cLxxK.txt
2011-04-16 08:15 - 2014-12-01 12:15 - 0038435 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR
2007-12-29 09:01 - 2008-09-24 05:28 - 0672813 _____ () C:\Users\Alan\AppData\Roaming\datasafeupdate.msi
2010-01-22 09:00 - 2010-04-15 10:55 - 0001013 _____ () C:\Users\Alan\AppData\Roaming\DVDSubEdit.ini
2007-10-17 16:36 - 2014-09-24 14:40 - 0087608 _____ () C:\Users\Alan\AppData\Roaming\inst.exe
2007-10-17 16:36 - 2014-09-24 14:40 - 0007887 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.cat
2007-10-17 16:36 - 2014-09-24 14:40 - 0001144 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.inf
2007-10-17 16:36 - 2014-09-24 14:40 - 0000055 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.log
2007-10-17 16:36 - 2014-09-24 14:40 - 0047360 _____ (VSO Software) C:\Users\Alan\AppData\Roaming\pcouffin.sys
2013-06-29 12:31 - 2013-06-29 12:31 - 0022408 _____ () C:\Users\Alan\AppData\Roaming\UserTile.png
2008-03-19 17:55 - 2014-04-05 14:59 - 0001189 _____ () C:\Users\Alan\AppData\Roaming\vso_ts_preview.xml
2013-12-09 12:40 - 2013-12-09 12:40 - 0001456 _____ () C:\Users\Alan\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-05-24 11:12 - 2013-05-24 11:12 - 64330619 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload
2013-05-24 11:12 - 2013-05-24 11:12 - 0000914 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
2010-01-25 07:54 - 2010-01-25 07:54 - 0000120 _____ () C:\Users\Alan\AppData\Local\Bnihodivodukeq.dat
2009-08-21 18:20 - 2015-01-15 16:46 - 0185344 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-19 11:08 - 2010-08-19 11:08 - 0000092 _____ () C:\Users\Alan\AppData\Local\fusioncache.dat
2010-05-01 08:07 - 2010-05-01 08:07 - 0000036 _____ () C:\Users\Alan\AppData\Local\housecall.guid.cache
2009-08-21 18:09 - 2012-01-05 16:52 - 0047036 _____ () C:\ProgramData\hpzinstall.log
2011-12-28 17:42 - 2012-04-28 14:54 - 0000296 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-11-14 11:53 - 2014-03-30 10:55 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alan\AppData\Local\Temp\reflectPatch.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-19 01:33

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Alan at 2015-01-19 09:21:54
Running from C:\Users\Alan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Across Lite 2.0 (HKLM\...\Across Lite 2.0) (Version: 2.0 - Literate Software Systems)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Adobe Acrobat Connect Add-in) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
AMDAway INF (HKLM\...\AMDAway INF) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any DVD Cloner Platinum 1.3.1 (HKLM\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
Application Verifier (HKLM\...\{E72400F4-A41E-4019-9143-051BE2951C00}) (Version: 4.0.917 - Microsoft Corporation)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Avidemux 2.4 (HKLM\...\Avidemux 2.4) (Version: 2.4.3.4276 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Crossword Solver (HKLM\...\Crossword Solver) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.3 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.8.2 - )
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9 - Gteko Ltd.) Hidden
Dropbox (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Freecorder 5 (HKLM\...\Freecorder5.07) (Version: 5.07 - Applian Technologies Inc.)
Freecorder Toolbar (HKLM\...\freecordertoolbar) (Version: 5.0.0.0 - ) <==== ATTENTION
Freemake Video Converter version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
FreeRIP MP3 Converter 4.4.1 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.4.1 - GreenTree Applications SRL)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
GML Matting 0.3 (HKLM\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Earth (HKLM\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Arizona 2012 (HKLM\...\{23ADF1CF-4578-4BEC-AF07-FFEC8EA17C9C}) (Version: 1.12.4601 - HRB Technology, LLC.)
H&R Block Arizona 2013 (HKLM\...\{E9772A9E-A62D-4935-938A-770CBDB30E2A}) (Version: 1.13.4901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.5501 - HRB Technology, LLC.)
HARDiNFO 7 (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\HARDiNFO 7) (Version: 7.0 - Ultimate Systems)
HARDiNFO 7 (Version: 7.0 - Ultimate Systems) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
honestech VHS to DVD 5.0 Deluxe (HKLM\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
honestech VHS to DVD 5.0 Deluxe (Version: 5.0 - honestech) Hidden
Hoyle Card Games (HKLM\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HRBlockDirect version 1.1.1.0 (HKLM\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.1.0 - HRBlock)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kruptos 2 (HKLM\...\{A2273570-B532-4F8D-892E-14999C591E25}) (Version: 3.0.14 - Kruptos)
Leisure Suit Larry Reloaded (HKLM\...\Leisure Suit Larry Reloaded_is1) (Version:  - )
Logitech Harmony Remote Software (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Standard Edition (Version: 5.3.7100 - Paramount Software (UK) Ltd.) Hidden
Magic File Renamer 6.12 Professional Edition (HKLM\...\{2F09F8D0-797D-4F98-9638-4BE6B83A8E26}) (Version: 1.0.6 - FineBytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mask Pro 4.1 (HKLM\...\{2DFAC810-6DD8-4E23-96A4-BEB118408203}) (Version: 4.1.1 - onOne Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\MyFreeCodec) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.8618 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
onOne Photo Essentials 3.0.3 (HKLM\...\{6220E72E-67BD-4E7A-B0FB-2DF318251891}) (Version: 3.0.3 - onOne Software)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.2.5 - EXP Systems LLC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
PerfectDisk 2008 Professional (HKLM\...\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}) (Version: 9.0.76 - Raxco Software Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickConnect (HKLM\...\{4998FF95-709A-430A-B104-92A009ABB848}) (Version: 3.2 - Qwest)
QuickConnect (Version: 3.2 - Qwest) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest Quickcare 2.5 (HKLM\...\QwestQuickCare_is1) (Version: 2.5.0808.2123 - Qwest)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RoboForm 7-9-9-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Link 2.0.0.1408131423 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1408131423 - Copyright 2013 SAMSUNG)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SlimDrivers (HKLM\...\{E1D00057-82F0-4EA1-91C2-270682EB9C98}) (Version: 2.2.30423 - SlimWare Utilities, Inc.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sokoban++ (HKLM\...\SokobanPP) (Version:  - )
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spotify (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StampManage 2014 (HKLM\...\StampManage_2014) (Version: 2014 - Liberty Street Software)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
The Complete Genealogy Builder (HKLM\...\The Complete Genealogy Builder_is1) (Version: Version 2013 - Nigel Bufton Software)
The Complete Genealogy Reporter (HKLM\...\The Complete Genealogy Reporter_is1) (Version: Version 2013 - Nigel Bufton Software)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Topaz Adjust 3 (HKLM\...\{5E684419-44E3-46EE-A43C-A60082CBF4EC}) (Version: 3.0.9 - Topaz Labs)
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB2.0 VIDBOX NW03  (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.2 - honestech)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Widevine Media Transformer Plugin 5.0.0 (HKLM\...\transformer_ie) (Version: 5.0.0.4679 - Widevine Technologies)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinX DVD Copy Pro 3.6.3 (HKLM\...\WinX DVD Copy Pro_is1) (Version:  - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 7.5.11 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 00:00:01 Scheduled Checkpoint
16-01-2015 09:57:42 Windows Update
17-01-2015 00:09:38 Scheduled Checkpoint
17-01-2015 12:44:12 SlimDrivers Installing Drivers
17-01-2015 13:01:07 Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
18-01-2015 17:18:34 Installed HR Block 2014.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2013-05-23 12:27 - 00425605 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0547C571-F2A8-4634-8356-8FCF0A190FD9} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {0B3AD143-CDDD-4931-A591-469D1A64CD95} - \SDMsgUpdate (TE) No Task File <==== ATTENTION
Task: {14B611C7-CC60-4822-91D2-87CEA3610C43} - System32\Tasks\4561 => Wscript.exe C:\Users\Alan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2F4CED85-1D4B-40AD-956A-238B19200317} - System32\Tasks\Full Image xml => c:\program files\macrium\reflect\reflect.exe [2014-12-23] (Paramount Software UK Ltd)
Task: {44677DCD-0823-49AF-8F32-FEEC74C1CD1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {69B639D2-5CCB-4C43-BD8B-1349F6FF5357} - System32\Tasks\AdobeAAMUpdater-1.0-Alan-Den-Alan => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {74F056AA-7AB9-4C6D-ACA3-94DF770FF49D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {8ACDE9EA-B5A5-4CD8-A654-889E75A9EB17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {95820819-794A-4ACA-A91C-3D8B558653D9} - System32\Tasks\SlimDrivers Scan => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-06-21] (SlimWare Utilities, Inc.)
Task: {AD5A93EF-32AA-4FC1-BABC-8DEF25273630} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Alan => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {B476798D-0138-49EA-A030-89ECF78BCA36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {BBEF4D0E-043F-41A4-B532-FC3B83A4367C} - System32\Tasks\Incremental Image xml => c:\program files\macrium\reflect\reflect.exe [2014-12-23] (Paramount Software UK Ltd)
Task: {C2C2B45A-DDDD-4C1C-B80E-40E0A96ACBED} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DA77DC6E-3286-405F-A5B5-ACDC7062E02E} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-23] (IObit)
Task: {E5F420DA-0B86-4F5A-AEC7-C72D7B34E5B9} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe
Task: {ED468BE6-6B0E-4473-833D-7E58927CC1FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-25] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Full Image xml.job => c:\program files\macrium\reflect\reflect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Incremental Image xml.job => c:\program files\macrium\reflect\reflect.exe
Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2015-01-19 05:27 - 2015-01-19 05:27 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011900\algo.dll
2007-07-01 10:50 - 2007-07-01 10:50 - 00064976 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2008-01-29 18:33 - 2011-03-14 10:42 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2009-09-26 10:52 - 2009-09-10 04:40 - 00027392 _____ () C:\Windows\System32\solidlocalmon.dll
2009-08-24 17:20 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2007-08-10 08:14 - 2007-08-10 08:14 - 00888832 _____ () C:\Program Files\Kruptos\Kruptos 2\KruptosShell.dll
2013-10-30 11:35 - 2014-11-25 19:42 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-09-23 17:25 - 2014-08-13 14:23 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows\$NtUninstallKB19945$:SummaryInformation
AlternateDataStreams: C:\Users\Alan\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
AlternateDataStreams: C:\Users\Alan\Documents\Aero.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\Backscratcher.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\Bill1.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\hyundai.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\Alan\Documents\RR.wmv:Roxio EMC Stream
AlternateDataStreams: C:\ProgramData\TEMP:1E942FB9
AlternateDataStreams: C:\ProgramData\TEMP:2747A4D7
AlternateDataStreams: C:\ProgramData\TEMP:50B5C124
AlternateDataStreams: C:\ProgramData\TEMP:7638A5DA
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeActiveFileMonitor6.0 => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Amazon Download Agent => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aswUpdSv => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate1c9863f58c21da0 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PD91Engine => 2
MSCONFIG\Services: ReflectService => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\Services: RUBotted => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SPDFToolsReadSpool => 2
MSCONFIG\Services: sprtlisten => 2
MSCONFIG\Services: sprtsvc_dellsupportcenter => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SupportSoft RemoteAssist => 2
MSCONFIG\Services: Symantec RemoteAssist => 3
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk => C:\Windows\pss\Register Mask Pro 3.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1419110213
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Alan\AppData\Local\Apps\2.0\Y7ZPDBZB.CAJ\C21PTZ0C.DMV\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe -update activex
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TMRUBottedTray =>
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4265388098-4104772770-3007106771-500 - Administrator - Disabled)
Alan (S-1-5-21-4265388098-4104772770-3007106771-1000 - Administrator - Enabled) => C:\Users\Alan
ASPNET (S-1-5-21-4265388098-4104772770-3007106771-1004 - Limited - Enabled)
Guest (S-1-5-21-4265388098-4104772770-3007106771-501 - Limited - Enabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 09:20:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 17.1.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 7d14
Start Time: 01d03403cb954b02
Termination Time: 3

Error: (01/19/2015 08:39:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module QtGui4.dll, version 4.8.4.0, time stamp 0x51353087, exception code 0xc0000409, fault offset 0x0057527e,
process id 0xe68, application start time 0xmbam.exe0.

Error: (01/19/2015 08:39:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module QtGui4.dll, version 4.8.4.0, time stamp 0x51353087, exception code 0xc0000096, fault offset 0x004c2e64,
process id 0xe68, application start time 0xmbam.exe0.

Error: (01/19/2015 08:38:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module mbamsrv.dll, version 1.2.0.0, time stamp 0x541c3bc6, exception code 0xc0000005, fault offset 0x00372068,
process id 0xe68, application start time 0xmbam.exe0.

Error: (01/17/2015 00:47:10 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALAN\APPDATA\LOCAL\SLIMWARE UTILITIES INC\SLIMDRIVERS\SETTINGS.DB-JOURNAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/17/2015 00:44:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {950b9742-187e-4d24-b8d1-08239845bf78}

Error: (01/16/2015 11:19:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16599 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1dc0
Start Time: 01d0321cf3053430
Termination Time: 7

Error: (01/16/2015 03:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x5210, application start time 0xmbam.exe0.

Error: (01/16/2015 02:28:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0xc000001d, fault offset 0x0007676f,
process id 0x5210, application start time 0xmbam.exe0.

Error: (01/16/2015 02:28:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module mbam.dll, version 1.0.16.0, time stamp 0x53f38fd3, exception code 0xc0000005, fault offset 0x0004a3fe,
process id 0x5210, application start time 0xmbam.exe0.

System errors:
=============
Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
SASKUTIL

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Nmap%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SE2Emdm%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Vcomm%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Mr7910%%2

Error: (01/17/2015 01:14:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/17/2015 01:04:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (01/17/2015 00:56:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1

Error: (01/17/2015 00:55:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
SASKUTIL

Error: (01/17/2015 00:55:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Nmap%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-19 08:34:04.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:34:04.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:34:03.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:34:03.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:33:20.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:33:20.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:33:19.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 08:33:19.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 11:18:24.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 11:18:23.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 45%
Total physical RAM: 3517.57 MB
Available physical RAM: 1915.31 MB
Total Pagefile: 7253.97 MB
Available Pagefile: 5587.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:185.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Fantom) (Fixed) (Total:465.76 GB) (Free:208.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 007B399B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 000098EC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Step 1

Please uninstall this program: Freecorder Toolbar.

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

fixlist.txt


Hi Maniac,

1.  Uninstalled Freecorder Toolbar. Note - According to IE9, Freecorder Toolbar was NOT in the list of the Toolbars and Extensions Section of Manage Add-ons.

2.  Ran FRST (after disabling the Avast Shields).  Do you know why Avast considers FRST to be a virus?  (Win32:Evo-Gen)

3.  Following is the Fixlog.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by Alan at 2015-01-20 12:04:26 Run:1
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available profiles: Alan & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {5C4B6E32-DAC4-48E6-9B56-58452918A004} URL = http://search.condui...2972303617&UM=2
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2010-01-25 07:54 - 2010-01-25 07:54 - 0000120 _____ () C:\Users\Alan\AppData\Local\Bnihodivodukeq.dat
Task: {0547C571-F2A8-4634-8356-8FCF0A190FD9} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {0B3AD143-CDDD-4931-A591-469D1A64CD95} - \SDMsgUpdate (TE) No Task File <==== ATTENTION
Task: {14B611C7-CC60-4822-91D2-87CEA3610C43} - System32\Tasks\4561 => Wscript.exe C:\Users\Alan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C2C2B45A-DDDD-4C1C-B80E-40E0A96ACBED} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
*****************

"HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C4B6E32-DAC4-48E6-9B56-58452918A004}" => Key deleted successfully.
HKCR\CLSID\{5C4B6E32-DAC4-48E6-9B56-58452918A004} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Users\Alan\AppData\Local\Bnihodivodukeq.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0547C571-F2A8-4634-8356-8FCF0A190FD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0547C571-F2A8-4634-8356-8FCF0A190FD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B3AD143-CDDD-4931-A591-469D1A64CD95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B3AD143-CDDD-4931-A591-469D1A64CD95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (TE)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14B611C7-CC60-4822-91D2-87CEA3610C43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14B611C7-CC60-4822-91D2-87CEA3610C43}" => Key deleted successfully.
C:\Windows\System32\Tasks\4561 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4561" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2C2B45A-DDDD-4C1C-B80E-40E0A96ACBED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2C2B45A-DDDD-4C1C-B80E-40E0A96ACBED}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.

==== End of Fixlog 12:04:26 ====

What next?


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Hi Maniac,

So I read all of the disclaimers and the User's Guide and then I downloaded Combofix, disabled Avast and started Combofix.  After a few minutes the following appeared on my screen:

It says "You are infected with the Rootkit.ZeroAccess.  It has inserted itself in the tcp/ip stack.  This is a particularly difficult infection.  If for any reason that you're unable to connect to the internet after running Combofix, reboot once and see if that fixes it.  If it's not fixed run Combofix one more time."

So I rebooted my system.  I didn't notice anything strange during the reboot.  When my desktop came up I started Combofix again.  It took a long time, more than 40 minutes, but it finally ended cleanly and produced the report, which is pasted below.

I then rebooted again and let my Avast start normally.  I tried to access the internet with IE9.  It took much longer than usual, but it did access the internet finally.

I looked through the Combofix report and couldn't find any text referring to Rootkit.ZeroAccess, so I don't know whether or not that was actually removed by Combofix.  Can you tell me how to determine if it was completely removed?  Looking forward to your reply.

Here's the ComboFix report:


ComboFix 15-01-18.01 - Alan 01/21/2015  12:36:59.1.2 - x86
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 /wow section - STAGE 6A
Access is denied.
Access is denied.
Access is denied.
.
 /wow section - STAGE 7
.
 /wow section - STAGE 8
Access is denied.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.pol
c:\users\Alan\AppData\Roaming\inst.exe
c:\users\Alan\AppData\Roaming\vso_ts_preview.xml
c:\users\Alan\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB19945$
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
c:\windows\system32\DD065597B2.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\tooldownloadreadme.htm
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-21 to 2015-01-21  )))))))))))))))))))))))))))))))
.
.
2015-01-21 20:29 . 2015-01-21 20:33 -------- d-----w- c:\users\Alan\AppData\Local\temp
2015-01-21 20:29 . 2015-01-21 20:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-01-21 20:29 . 2015-01-21 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-21 16:35 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{277123A9-22E0-459F-AEA6-5AF23C4A9979}\mpengine.dll
2015-01-20 23:35 . 2015-01-20 23:35 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-01-19 00:19 . 2015-01-19 00:20 -------- d-----w- c:\program files\HRBlock2014
2015-01-17 20:01 . 2015-01-17 20:01 -------- d-----w- c:\windows\system32\RTCOM
2015-01-17 19:59 . 2000-01-01 00:00 331544 ----a-w- c:\windows\system32\MBWrp32.dll
2015-01-17 19:59 . 2000-01-01 00:00 54360 ----a-w- c:\windows\system32\MBppld32.dll
2015-01-17 19:59 . 2000-01-01 00:00 50776 ----a-w- c:\windows\system32\MBPPCn32.dll
2015-01-17 19:59 . 2000-01-01 00:00 753280 ----a-w- c:\windows\system32\MBAPO32.dll
2015-01-17 19:59 . 2000-01-01 00:00 1722648 ----a-w- c:\windows\system32\MBAPO232.dll
2015-01-17 19:58 . 2000-01-01 00:00 2395680 ----a-w- c:\windows\system32\FMAPO.dll
2015-01-17 19:58 . 2000-01-01 00:00 92584 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-17 19:58 . 2000-01-01 00:00 95840 ----a-w- c:\windows\system32\AERTARen.dll
2015-01-17 19:58 . 2000-01-01 00:00 182472 ----a-w- c:\windows\system32\AERTACap.dll
2015-01-16 17:20 . 2015-01-20 19:04 -------- d-----w- C:\FRST
2015-01-14 15:17 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 15:09 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-14 15:09 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 15:09 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-01-14 15:09 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-01-10 23:49 . 2015-01-10 23:49 -------- d-----w- C:\found.001
2015-01-01 15:16 . 2015-01-01 15:16 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-12-23 14:46 . 2014-10-30 10:44 152952 ----a-w- c:\windows\system32\drivers\psmounterex.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-21 19:36 . 2014-06-17 01:21 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-19 23:30 . 2012-04-09 16:25 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-19 23:30 . 2011-05-19 15:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-17 20:00 . 2009-02-01 02:48 319456 ----a-w- c:\windows\DIFxAPI.dll
2015-01-17 19:43 . 2013-07-05 18:28 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-01-06 11:36 . 2009-10-02 16:45 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-16 19:14 . 2014-08-21 18:06 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2014-12-06 14:52 . 2014-12-06 14:53 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-03 02:06 . 2014-12-11 14:38 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-26 02:43 . 2011-03-15 22:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 02:42 . 2009-08-21 23:32 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-26 02:42 . 2014-11-26 02:42 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-26 02:42 . 2014-11-26 02:42 43152 ----a-w- c:\windows\avastSS.scr
2014-11-26 02:42 . 2014-05-07 11:56 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-26 02:42 . 2013-03-03 22:53 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-26 02:42 . 2013-03-03 22:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-26 02:42 . 2009-08-21 23:32 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-26 02:42 . 2009-08-21 23:32 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-26 02:42 . 2009-08-21 23:31 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-24 20:44 . 2014-12-11 14:37 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40 . 2014-12-11 14:37 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35 . 2014-12-11 14:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34 . 2014-12-11 14:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33 . 2014-12-11 14:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33 . 2014-12-11 14:37 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32 . 2014-12-11 14:37 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32 . 2014-12-11 14:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-21 13:14 . 2014-06-17 01:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 13:14 . 2014-06-17 01:20 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 13:14 . 2011-01-24 17:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 21:56 . 2014-11-18 21:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-07 01:33 . 2014-12-11 14:48 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:19 . 2014-12-11 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-24 01:04 . 2014-11-12 16:15 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03 . 2014-11-19 03:02 499200 ----a-w- c:\windows\system32\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-26 02:42 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-05-03 526880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-01-10 5227112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 12017368]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
backup=c:\windows\pss\Register Mask Pro 3.0.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
.
[HKLM\~\startupfolder\C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher]
1419110213 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
2014-07-23 19:47 263232 ----a-w- c:\users\Alan\AppData\Local\Apps\2.0\Y7ZPDBZB.CAJ\C21PTZ0C.DMV\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2011-03-24 07:11 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 15:44 136176 ----atw- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 07:16 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Link]
2014-08-13 21:26 566112 ----a-w- c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2015-01-02 17:12 6737976 ----a-w- c:\users\Alan\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2015-01-02 17:12 1676344 ----a-w- c:\users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 22:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4265388098-4104772770-3007106771-1000]
"EnableNotificationsRef"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-09-26 116608]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2000-01-01 87968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ssm_bus
umpusbxp
acdservice
CiscoVpnInstallService
modemcsa
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-16 23:30]
.
2015-01-20 c:\windows\Tasks\Full Image xml.job
- c:\program files\macrium\reflect\reflect.exe [2014-12-23 14:21]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:54]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:54]
.
2015-01-20 c:\windows\Tasks\Incremental Image xml.job
- c:\program files\macrium\reflect\reflect.exe [2014-12-23 14:21]
.
2015-01-04 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-06-21 17:21]
.
2015-01-21 c:\windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job
- c:\windows\system32\msfeedssync.exe [2014-12-11 20:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: dell.com
Trusted Zone: stanxwords.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B3066DC4-25CB-42DB-B5E7-976C3A4C388B}: NameServer = 4.2.2.2,4.2.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
FF - ExtSQL: !HIDDEN! 2012-01-05 16:06; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
AddRemove-{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} - c:\progra~2\INSTAL~2\{4BB7A~1\Setup.exe
AddRemove-{58107415-9856-C3E0-8DE5-96DF7B719626} - c:\progra~2\INSTAL~2\{F2163~1\Setup.exe
AddRemove-{86C9A315-21E9-DE0A-D45E-BA0BF427C4A0} - c:\progra~2\INSTAL~2\{4A45D~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-21 13:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\09\06\18\16+\03?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence"="16-PX85-ZXJM-Y3RM-V775-YNXU-8E1QRX5"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-01-21  13:41:33
ComboFix-quarantined-files.txt  2015-01-21 20:41
.
Pre-Run: 192,115,077,120 bytes free
Post-Run: 192,949,661,696 bytes free
.
- - End Of File - - 789FF261D9A72CDD18D33CC19C8E9EC4
5C616939100B85E558DA92B899A0FC36
 


One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


I've read all of the above and the links, and I would like to proceed with cleaning the computer for the following reasons. 

 

1. The computer has a physical firewall in the form of a Netgear Router with a strong password. 

2.  All passwords on the computer are stored in a password locker and have been generated very strong by the password locker software.

3.  I have experienced no suspicious behavior on any financial account, and all accounts are monitored closely.

4.  I don't want to reformat my hard drive and restore it with my current Vista OS, since it is nearing its end of support anyway.

5.  I do not like Windows 8 or 8.1.  There is already a computer in the house running Windows 8 and I don't like it at all.  I'm waiting for Windows 10 next year.

6.  I'm very experienced and comfortable around my system so I am not daunted by the process.

7.  I do weekly full image copies and daily incremental image copies of my entire hard drive, not just data back-ups.

 

So I'm ready to go.  Where do we begin?


Sounds good to me.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Hi Maniac,

I had no problems running the TDSSKiller program.  The Scan ran in about 4 1/2 minutes.  No malicious items were found.  One suspicious item was found, and Skipped, as requested.  Hopefully, this is a good sign.  I do have a problem however pasting the report into this post.  The forum software is telling me that the post is too long.  So I'll try to attach it.  Let me know that you get the attachment OK, and I look forward to your analysis of the report.  Thanks.

TDSSKiller.3.0.0.44_23.01.2015_08.04.30_log.txt

 

 


Please re-run TDSSKiller and select Delete for the following:

08:13:14.0387 0x137c \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:13:14.0387 0x137c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Re-run TDSSKiller yet another time and post the results.


Hi,

Before I run TDSSKiller again and delete the 0x137c \Device\Harddisk0\DR0, I'd appreciate it if you'd help me to understand what that action will do.  From reading the TDSSKiller report it looks like you're asking me to delete my primary partition where the Master Boot Record, the OS, and all of my programs and data are stored.

 

How exactly am I going to get the MBR and OS back?  Below is a clipping from a program I have called Speccy, which tells you more than you ever wanted to know about everything in your PC.  I clipped the Hard Drive section.  It is in 2 pieces because I couldn't get the whole Hard Drive section into the same window.  There are 2 partitions on the C: drive.  One is a Dell-installed 10GB partition which contains recovery stuff, and the other is my master OS partition.  Please review and let me know how deleting Harddisk0 will help the problem.  Thanks a lot.

 


 

 


Thanks for clearing that up.  I reran TDSS Killer and deleted the warning as you requested.  Again, the report is too large to copy/paste so I'm attaching it.

 

TDSSKiller.3.0.0.44_25.01.2015_08.21.25_log.txt

 

Also, a message from Avast Anti-virus popped up during the TDSS Killer Scan / Delete.

 


 

Should I now be able to run a Malwarebytes scan that does not end with a Data Execution Protection error?  I'll wait for your comments before I attempt it, in case there is something else you'd rather I do first.


I thought we were done, but maybe not.  I did a Threat Scan in Malwarebytes today and it found one item.  It didn't name the item, but classified it as a Trojan.  It quarantined successfully, and I rebooted successfully and deleted the item from the quarantine area.  The problem item was found during the final (Heuristics) section of the Threat Scan.  I'm going to run another Threat Scan now and see what happens.

 

By the way, when the Threat Scan ended, Malwarebytes did not crash with the DEP error that initiated this case.

 

Also, I checked the Daily Protection Log file and I am pasting it below.  It seems to have a lot of outbound attempts to access bad IP addresses.  Do you know what might be causing this?  I didn't attempt to contact any of the listed addresses.  Can they be added to a file somewhere that will prevent the access attempt?  Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 2/5/2015 12:05:40 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:05:44 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:05:45 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:05:50 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:15:41 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:15:44 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:15:45 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:15:50 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:25:41 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:25:42 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 11:55:48 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 11:55:52 AM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:05:42 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:05:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:05:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:05:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:15:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:15:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:15:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:15:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:25:43 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:25:43 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:25:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:25:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:25:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:35:43 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:35:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:35:48 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:35:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:45:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:45:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:45:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:45:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 12:55:43 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 12:55:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 12:55:48 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 12:55:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:05:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 1:05:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:05:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:05:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:15:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 1:15:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:15:47 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:15:47 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:15:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:25:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 1:25:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:25:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:25:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:35:42 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 1:35:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:35:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:35:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:45:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:45:47 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:45:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 1:55:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 1:55:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 1:55:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 1:55:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 2:05:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 2:05:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 2:05:47 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 2:05:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 2:15:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 2:15:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 2:15:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 2:15:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 2:25:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 2:25:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.229, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 2:25:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 2:25:51 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 2:35:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 2:35:45 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.229, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 2:35:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 2:45:38 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 2:45:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Update, 2/5/2015 2:54:38 PM, SYSTEM, ALAN-DEN, Manual, Malware Database, 2015.2.4.10, 2015.2.5.9,
Protection, 2/5/2015 2:54:38 PM, SYSTEM, ALAN-DEN, Protection, Refresh, Starting,
Protection, 2/5/2015 2:54:38 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Stopping,
Protection, 2/5/2015 2:54:39 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Stopped,
Protection, 2/5/2015 2:55:16 PM, SYSTEM, ALAN-DEN, Protection, Refresh, Success,
Protection, 2/5/2015 2:55:16 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Starting,
Protection, 2/5/2015 2:55:23 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Started,
Detection, 2/5/2015 2:55:38 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 2:55:39 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.254.96.36, tukif.com, 0, Outbound,
Detection, 2/5/2015 2:55:40 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 3:05:40 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.254.96.36, tukif.com, 0, Outbound,
Detection, 2/5/2015 3:15:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 3:15:44 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 3:15:44 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.254.96.36, tukif.com, 0, Outbound,
Detection, 2/5/2015 3:15:44 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 3:15:50 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Scan, 2/5/2015 3:18:03 PM, SYSTEM, ALAN-DEN, Manual, Start:2/5/2015 2:54:51 PM, Duration:16 min 3 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections,
Protection, 2/5/2015 3:25:10 PM, SYSTEM, ALAN-DEN, Protection, Malware Protection, Starting,
Protection, 2/5/2015 3:25:11 PM, SYSTEM, ALAN-DEN, Protection, Malware Protection, Started,
Protection, 2/5/2015 3:25:11 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Starting,
Protection, 2/5/2015 3:27:37 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, Started,
Detection, 2/5/2015 3:33:37 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 3:33:40 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 3:33:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.254.96.36, tukif.com, 0, Outbound,
Detection, 2/5/2015 3:33:41 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 3:33:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 2/5/2015 3:43:37 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 2/5/2015 3:43:40 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 2/5/2015 3:43:40 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 5.254.96.36, tukif.com, 0, Outbound,
Detection, 2/5/2015 3:43:42 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 3:43:42 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 2/5/2015 3:43:46 PM, SYSTEM, ALAN-DEN, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,

(end)


I wasn't sure whether this was an item that should be addressed to this forum.  MBAM is providing the notification that something strange is going on, but I don't believe MBAM to be the cause of the problem. So please let me know if you can help with the diagnosis and solution of the problem posted on bleepingcomputer, or whether I should close this topic and resolve the outbound unsolicited web attempts with bleepingcomputer.  I haven't received any reply from them yet to my initial post, so it would be appropriate to transfer that request to this forum.  Just please let me know how you'd like to proceed.  Thanks.


  • Root Admin

Both sites provide very similar services with the goal to detect and remove any type of infection. You should choose one or the other though and have the other one closed so that you're not wasting the limited resources of either site.

I will provide you with further advice as the Bleepingcomputer post has not been replied to. You should let them know that you are being assisted and ask to have that one closed.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Next,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well. Make sure to place a check mark in the Addition.txt check box


 

This topic is now closed to further replies.