
Stop C0000135 The program can't start because %hs is missing from your computer.

Discussion in 'Windows 7' started by jacksroller, Jan 5, 2014.

  1. jacksroller

    jacksroller Thread Starter

    Joined:
    Jan 5, 2014
    Messages:
    8
    Hello all,
    This is the first time I have ever asked for help on an online forum, in most cases I have been able to fix the problem myself, however on this occasion I am completely flummoxed.
    My computer is stuck in a loop boot cycle. If I disable the loop boot option thingy that is located by pressing F8 the following blue screen and message is displayed:
    "STOP: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix the problem"
    I have absolutely no idea what has caused this problem and it is a first for me. I have read of many other people on the Internet having the same problem, it is often associated with AVG antivirus. I can confirm that I have never had this software installed on my computer.
    Please see the following link. This link refers to a closed thread that describes my problem to the letter and also offered a fix. Would a similar fix to this be needed for my computer?
    http://forums.techguy.org/windows-7/1110910-windows-7-cant-start-because.html
    Approximately 2 weeks ago I cloned the hard drive that is now not working. I connected the clone drive to my PC and showing off be booted up with no problems. Then I proceeded to copy over my emails and their contents of the desktop from a nonworking drive to the working drive. I then uninstalled the Acronis which is completely random I know. It’s not a program that I’ve ever used and just didn’t want on my PC any more. After a reboot I then got exactly the same error message and blue screen on the cloned drive. I have plugged both drives externally into a laptop and scanned them with Malwarebytes. A few issues were found but I don’t believe that they contributed to this problem.
    As mentioned in the closed thread I have used the tool FARBAR36.exe to scan my computer. Would it be ok for me to show the scan results here?
    Thank you again for all that take the time to read my post.
     

    Attached Files: FRST.txt (40.8 KB)
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    I'm just posting the log for easier reference:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
    Ran by SYSTEM on MININT-G4GGKBH on 04-01-2014 15:21:24
    Running from F:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4030008 2011-08-09] (ESET)
    HKLM-x32\...\Run: [Ai Nap] - C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [1435136 2009-07-01] ()
    HKLM-x32\...\Run: [QFan Help] - C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
    HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [VMonitorVMUVC] - C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
    HKU\Christopher\...\Run: [aliim] - P:\Trademanager\AliIM.exe /autorun
    HKU\Christopher\...\Run: [AdobeBridge] - [x]
    HKU\Christopher\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Christopher\...\Run: [Google Update] - C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-31] (Google Inc.)
    HKU\Christopher\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Christopher\...\Run: [NVIDIA nTune] - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
    AppInit_DLLs: acaptuser64.dll [ ] ()
    Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    BootExecute: autocheck autochk * auto_reactivate \\?\Volume{98119604-90D0-11E1-8225-806E6F6E6963}\bootwiz\asrm.bin

    ==================== Services (Whitelisted) =================

    S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
    S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-08-09] (ESET)
    S2 MDES; C:\Program Files (x86)\Express Gate\Express Gate Tools\DVMExportService.exe [315392 2009-02-18] (DeviceVM)
    S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)
    S3 CoordinatorServiceHost; P:\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
    S2 MBAMScheduler; "P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
    S2 MBAMService; "P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
    S3 Microsoft SharePoint Workspace Audit Service; "P:\Office 2010\Office14\GROOVE.EXE" /auditservice [x]
    S2 RemoteSolverDispatcher; "P:\SolidWorks\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe" "SOFTWARE\SRAC\COSMOS_FloWorks 2013" [x]
    S2 SBSDWSCService; P:\spybot\Spybot - Search & Destroy\SDWinSec.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
    S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
    S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-01-20] ()
    S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [14216 2010-01-20] ()
    S0 EUBAKUP; C:\Windows\SysWow64\drivers\eubakup.sys [30600 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [137608 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 EUDSKACS; C:\Windows\sysWow64\drivers\eudskacs.sys [17800 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S0 EUFS; C:\Windows\SysWow64\drivers\eufs.sys [26504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-01-20] ()
    S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [8456 2010-01-20] ()
    S3 LGDDCDevice; C:\Windows\SysWow64\LGI2CDriver.sys [16384 2012-02-16] (LG Soft India)
    S3 LGII2CDevice; C:\Windows\SysWow64\LGPII2CDriver.sys [10240 2012-05-23] (LG Soft India)
    S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [43456 2010-10-01] (http://libusb-win32.sourceforge.net)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S0 mrdd; C:\Windows\System32\DRIVERS\mrdd.sys [22568 2008-11-11] (Marvell Semiconductor, Inc.)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    S0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
    S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
    S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
    S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
    S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
    S3 PCANDIS4; \??\C:\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-04 15:21 - 2014-01-04 15:21 - 00000000 ____D C:\FRST
    2014-01-03 11:48 - 2014-01-03 11:48 - 00003216 ____N C:\bootsqm.dat
    2014-01-03 11:47 - 2014-01-03 11:47 - 00000000 __SHD C:\found.002
    2014-01-03 07:10 - 2014-01-03 07:11 - 00000000 ____D C:\Users\Christopher\AppData\Local\{925F79BF-D484-45A4-9F27-6527429EF605}
    2014-01-03 05:24 - 2014-01-03 05:24 - 00000000 ____D C:\Users\Christopher\AppData\Local\{399FED6C-54C8-4DD0-9837-92C1F31B398A}
    2013-12-17 12:08 - 2009-12-02 04:21 - 00026504 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eufs.sys
    2013-12-17 12:07 - 2013-12-17 12:07 - 00000830 _____ C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    2013-12-17 12:07 - 2009-12-02 04:20 - 00137608 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\Drivers\EuDisk.sys
    2013-12-17 12:07 - 2009-12-02 04:20 - 00030600 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eubakup.sys
    2013-12-17 12:07 - 2009-12-02 04:20 - 00017800 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eudskacs.sys
    2013-12-16 23:37 - 2013-12-17 11:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DA84C86A-7EE4-43FB-A3C1-4A5E201646E2}
    2013-12-16 11:36 - 2013-12-16 11:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F90B2B5C-5DF4-46D9-AEE4-F250377B5E7C}
    2013-12-15 23:36 - 2013-12-15 23:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{479B07AE-2D74-409B-AF04-B6F6690928DB}
    2013-12-15 03:44 - 2013-12-15 03:44 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5D7F1445-4702-419E-991A-BDDEF39BCB66}
    2013-12-14 03:36 - 2013-12-14 03:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E1738A61-974A-4467-97B6-65B82CEFAB1B}
    2013-12-13 14:18 - 2013-12-13 14:18 - 03556696 _____ (Acronis) C:\Windows\System32\auto_reactivate.exe
    2013-12-13 14:18 - 2013-12-13 14:18 - 00000000 _RSHD C:\bootwiz
    2013-12-13 14:06 - 2013-12-13 14:06 - 01322120 _____ (Acronis) C:\Windows\System32\Drivers\tib_mounter.sys
    2013-12-13 14:06 - 2013-12-13 14:06 - 00340104 _____ (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2013-12-13 14:06 - 2013-12-13 14:06 - 00156296 _____ (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
    2013-12-13 14:05 - 2013-12-13 14:05 - 00000020 ___SH C:\Users\Acronis Agent User\ntuser.ini
    2013-12-13 14:05 - 2012-04-04 09:06 - 00000000 ____D C:\Users\Acronis Agent User\AppData\Local\Microsoft Help
    2013-12-13 14:05 - 2012-04-03 14:55 - 00000000 ____D C:\Users\Acronis Agent User\AppData\Roaming\Macromedia
    2013-12-13 14:03 - 2014-01-03 11:36 - 00000000 ____D C:\ProgramData\Acronis
    2013-12-13 13:56 - 2013-12-13 13:56 - 00000764 _____ C:\Windows\PFRO.log
    2013-12-13 12:59 - 2013-12-13 12:59 - 00000000 ____D C:\Users\Christopher\AppData\Local\{96A4600F-7465-4A6C-933F-63150A2D22C2}
    2013-12-13 00:16 - 2013-12-13 00:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CE1B75F0-2413-4EDB-8978-F2BD8BC8C843}
    2013-12-12 11:17 - 2013-12-12 11:17 - 01204283 _____ C:\Users\Christopher\Downloads\P5Q-ASUS-DELUXE-2301.zip
    2013-12-12 11:08 - 2013-12-12 11:09 - 10028912 _____ (Akamai Technologies, Inc.) C:\Users\Christopher\Downloads\AsusInstaller.exe
    2013-12-12 09:07 - 2013-02-09 05:25 - 03035306 _____ C:\Windows\System32\nvcoproc.bin
    2013-12-12 09:06 - 2013-12-12 09:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\{43FCDABB-12C6-4C91-B818-14534AF6C5EB}
    2013-12-12 00:20 - 2013-12-12 09:04 - 00000000 ____D C:\Program Files\WhoCrashed
    2013-12-12 00:05 - 2013-12-12 00:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7C4F3EBA-2F07-4B79-819A-49F1C6C9AF78}
    2013-12-11 11:35 - 2013-12-11 11:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{507672C5-94B0-4934-8524-84ED3B2C1D5D}
    2013-12-10 23:35 - 2013-12-10 23:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{A9F2EEEB-A4BA-4BE5-B22C-8CEB6A32E7E9}
    2013-12-09 23:34 - 2013-12-10 11:34 - 00000000 ____D C:\Users\Christopher\AppData\Local\{1C3BD2D6-A667-4E53-9497-2E1FC7E19072}
    2013-12-08 23:30 - 2013-12-09 11:31 - 00000000 ____D C:\Users\Christopher\AppData\Local\{2D7DF771-DBA4-46A4-8050-0C108B42B1A2}
    2013-12-08 04:10 - 2013-12-08 04:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8BD5D8B6-F597-4605-BAE7-649A244E3246}
    2013-12-06 00:12 - 2013-12-06 12:12 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E4AF3651-1682-423B-AAEB-4619D09F748A}
    2013-12-05 00:11 - 2013-12-05 12:12 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7A85E6BE-1B17-48A1-8F83-78565EC782F9}

    ==================== One Month Modified Files and Folders =======

    2014-01-04 15:21 - 2014-01-04 15:21 - 00000000 ____D C:\FRST
    2014-01-03 11:48 - 2014-01-03 11:48 - 00003216 ____N C:\bootsqm.dat
    2014-01-03 11:47 - 2014-01-03 11:47 - 00000000 __SHD C:\found.002
    2014-01-03 11:44 - 2012-04-03 10:55 - 00000000 ____D C:\Users\Christopher\Documents\Outlook Files
    2014-01-03 11:37 - 2012-11-15 00:13 - 02070093 _____ C:\Windows\WindowsUpdate.log
    2014-01-03 11:37 - 2012-04-02 13:15 - 00000177 ____H C:\dvmexp.idx
    2014-01-03 11:36 - 2013-12-13 14:03 - 00000000 ____D C:\ProgramData\Acronis
    2014-01-03 11:36 - 2009-07-13 20:45 - 00029200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-03 11:36 - 2009-07-13 20:45 - 00029200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-03 11:35 - 2009-07-13 21:13 - 00010624 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-03 11:31 - 2013-12-04 23:31 - 00013358 _____ C:\Windows\setupact.log
    2014-01-03 11:31 - 2013-03-05 05:07 - 00000000 ____D C:\ProgramData\boost_interprocess
    2014-01-03 11:31 - 2012-05-02 10:30 - 04485120 ___SH C:\Users\Christopher\Desktop\Thumbs.db
    2014-01-03 11:31 - 2012-04-30 10:57 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Dropbox
    2014-01-03 11:31 - 2012-04-29 15:11 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
    2014-01-03 11:31 - 2012-04-29 15:11 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
    2014-01-03 11:31 - 2012-04-04 08:51 - 00000000 ____D C:\Users\Christopher\Tracing
    2014-01-03 11:31 - 2012-04-04 07:07 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Skype
    2014-01-03 11:31 - 2012-04-02 11:56 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-03 11:31 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-03 07:11 - 2014-01-03 07:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{925F79BF-D484-45A4-9F27-6527429EF605}
    2014-01-03 05:34 - 2012-04-03 14:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\Adobe
    2014-01-03 05:24 - 2014-01-03 05:24 - 00000000 ____D C:\Users\Christopher\AppData\Local\{399FED6C-54C8-4DD0-9837-92C1F31B398A}
    2014-01-03 05:24 - 2012-04-02 12:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-17 14:08 - 2012-04-02 12:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-17 12:07 - 2013-12-17 12:07 - 00000830 _____ C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    2013-12-17 11:43 - 2012-07-31 06:54 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000UA.job
    2013-12-17 11:43 - 2012-07-31 06:54 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000Core.job
    2013-12-17 11:37 - 2013-12-16 23:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DA84C86A-7EE4-43FB-A3C1-4A5E201646E2}
    2013-12-17 05:42 - 2012-06-19 14:14 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Luxology
    2013-12-17 05:35 - 2012-06-18 11:40 - 00000000 ____D C:\Users\Christopher\AppData\Local\TempSWBackupDirectory
    2013-12-17 04:43 - 2012-06-18 10:14 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\SolidWorks
    2013-12-16 11:36 - 2013-12-16 11:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F90B2B5C-5DF4-46D9-AEE4-F250377B5E7C}
    2013-12-15 23:36 - 2013-12-15 23:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{479B07AE-2D74-409B-AF04-B6F6690928DB}
    2013-12-15 03:44 - 2013-12-15 03:44 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5D7F1445-4702-419E-991A-BDDEF39BCB66}
    2013-12-14 03:36 - 2013-12-14 03:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E1738A61-974A-4467-97B6-65B82CEFAB1B}
    2013-12-13 14:18 - 2013-12-13 14:18 - 03556696 _____ (Acronis) C:\Windows\System32\auto_reactivate.exe
    2013-12-13 14:18 - 2013-12-13 14:18 - 00000000 _RSHD C:\bootwiz
    2013-12-13 14:06 - 2013-12-13 14:06 - 01322120 _____ (Acronis) C:\Windows\System32\Drivers\tib_mounter.sys
    2013-12-13 14:06 - 2013-12-13 14:06 - 00340104 _____ (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2013-12-13 14:06 - 2013-12-13 14:06 - 00156296 _____ (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
    2013-12-13 14:05 - 2013-12-13 14:05 - 00000020 ___SH C:\Users\Acronis Agent User\ntuser.ini
    2013-12-13 13:56 - 2013-12-13 13:56 - 00000764 _____ C:\Windows\PFRO.log
    2013-12-13 12:59 - 2013-12-13 12:59 - 00000000 ____D C:\Users\Christopher\AppData\Local\{96A4600F-7465-4A6C-933F-63150A2D22C2}
    2013-12-13 00:16 - 2013-12-13 00:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CE1B75F0-2413-4EDB-8978-F2BD8BC8C843}
    2013-12-12 11:17 - 2013-12-12 11:17 - 01204283 _____ C:\Users\Christopher\Downloads\P5Q-ASUS-DELUXE-2301.zip
    2013-12-12 11:16 - 2012-04-02 12:45 - 00000000 ____D C:\Users\Christopher\AppData\Local\Akamai
    2013-12-12 11:09 - 2013-12-12 11:08 - 10028912 _____ (Akamai Technologies, Inc.) C:\Users\Christopher\Downloads\AsusInstaller.exe
    2013-12-12 09:07 - 2012-04-02 11:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-12-12 09:06 - 2013-12-12 09:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\{43FCDABB-12C6-4C91-B818-14534AF6C5EB}
    2013-12-12 09:06 - 2012-04-02 11:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-12-12 09:05 - 2012-04-02 11:35 - 00000000 ____D C:\users\Christopher
    2013-12-12 09:04 - 2013-12-12 00:20 - 00000000 ____D C:\Program Files\WhoCrashed
    2013-12-12 09:04 - 2012-04-29 15:11 - 00000000 ____D C:\Windows\AutoKMS
    2013-12-12 09:04 - 2012-04-05 01:23 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-12-12 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-12-12 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2013-12-12 00:05 - 2013-12-12 00:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7C4F3EBA-2F07-4B79-819A-49F1C6C9AF78}
    2013-12-11 11:35 - 2013-12-11 11:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{507672C5-94B0-4934-8524-84ED3B2C1D5D}
    2013-12-10 23:35 - 2013-12-10 23:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{A9F2EEEB-A4BA-4BE5-B22C-8CEB6A32E7E9}
    2013-12-10 11:34 - 2013-12-09 23:34 - 00000000 ____D C:\Users\Christopher\AppData\Local\{1C3BD2D6-A667-4E53-9497-2E1FC7E19072}
    2013-12-09 11:31 - 2013-12-08 23:30 - 00000000 ____D C:\Users\Christopher\AppData\Local\{2D7DF771-DBA4-46A4-8050-0C108B42B1A2}
    2013-12-08 04:10 - 2013-12-08 04:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8BD5D8B6-F597-4605-BAE7-649A244E3246}
    2013-12-06 12:12 - 2013-12-06 00:12 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E4AF3651-1682-423B-AAEB-4619D09F748A}
    2013-12-05 12:12 - 2013-12-05 00:11 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7A85E6BE-1B17-48A1-8F83-78565EC782F9}

    Some content of TEMP:
    ====================
    C:\Users\Christopher\AppData\Local\Temp\SkypeSetup.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    path \bootmgr
    description Windows Boot Manager
    locale en-us
    inherit {globalsettings}
    default {default}
    resumeobject {a365535a-90cc-11e1-9df7-806e6f6e6963}
    displayorder {default}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {1a7699b1-90cc-11e1-8c7d-00121794b278}
    device ramdisk=[C:]\Recovery\6be47055-4625-11df-86a2-d52f9a9f514b\Winre.wim,{1a7699b2-90cc-11e1-8c7d-00121794b278}
    path \windows\system32\winload.exe
    description Windows Recovery Environment (recovered)
    locale
    osdevice ramdisk=[C:]\Recovery\6be47055-4625-11df-86a2-d52f9a9f514b\Winre.wim,{1a7699b2-90cc-11e1-8c7d-00121794b278}
    systemroot \windows
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {default}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7 Ultimate (recovered)
    locale en-US
    osdevice partition=C:
    systemroot \Windows
    resumeobject {a365535a-90cc-11e1-9df7-806e6f6e6963}

    Windows Boot Loader
    -------------------
    identifier {bdc2fe57-9113-11e1-82cb-9580007a808e}

    Windows Boot Loader
    -------------------
    identifier {bdc2fe59-9113-11e1-82cb-9580007a808e}

    Windows Boot Loader
    -------------------
    identifier {bdc2fe5b-9113-11e1-82cb-9580007a808e}

    Resume from Hibernate
    ---------------------
    identifier {1a7699ad-90cc-11e1-8c7d-00121794b278}
    device unknown
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-us
    inherit {resumeloadersettings}
    filedevice unknown
    filepath \hiberfil.sys
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {a365535a-90cc-11e1-9df7-806e6f6e6963}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows 7 Ultimate (recovered)
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-us
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {1a7699b2-90cc-11e1-8c7d-00121794b278}
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\6be47055-4625-11df-86a2-d52f9a9f514b\boot.sdi

    Device options
    --------------
    identifier {bdc2fe58-9113-11e1-82cb-9580007a808e}
    ramdisksdidevice unknown
    ramdisksdipath \Recovery\405a20fb-9011-11e1-b589-dd5dc6574708\boot.sdi

    Device options
    --------------
    identifier {bdc2fe5a-9113-11e1-82cb-9580007a808e}
    ramdisksdidevice unknown
    ramdisksdipath \Recovery\6be47055-4625-11df-86a2-d52f9a9f514b\boot.sdi

    Device options
    --------------
    identifier {bdc2fe5c-9113-11e1-82cb-9580007a808e}
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\6be47055-4625-11df-86a2-d52f9a9f514b\boot.sdi


    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 4095.05 MB
    Available physical RAM: 3300.09 MB
    Total Pagefile: 4093.25 MB
    Available Pagefile: 3355.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (SSD Windows 7) (Fixed) (Total:103.5 GB) (Free:38.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (SSD Programs) (Fixed) (Total:15.75 GB) (Free:4.55 GB) NTFS
    Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    Drive f: (JOSH&ALEX) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238 GB) (Disk ID: DF88DEA1)
    Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=16 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


    LastRegBack: 2013-12-09 23:51

    ==================== End Of Log ============================
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    We need to take out an entry left behind by Acronis to see if it will help.

    Is there a good reason why this is on your system: C:\Windows\AutoKMS

    Open Notepad and Copy & Paste the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select Copy then right click in the Notepad window and select Paste. Save it to the flashdrive as fixlist.txt <--- it is very important to spell this name exactly as written here.

    Code:
    BootExecute: autocheck autochk * auto_reactivate \\?\Volume{98119604-90D0-11E1-8225-806E6F6E6963}\bootwiz\asrm.bin
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Plug the Flash Drive back into the infected PC and enter the System Recovery Options and select the Command Prompt using the same instructions you followed to run the first scan.

    • In the command window type e:\frst.exe (or for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
      NOTE: if you receive an error message "the system cannot find the drive specified" go back into Notepad and check the drive letter for the Flash Drive.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log on the flashdrive (Fixlog.txt) please Copy & Paste it into your next reply.
     
  4. jacksroller

    jacksroller Thread Starter

    Thank you for your reply. I am new to all of this, so I hope I have done everything correctly. Auto KMS seems to be a keygen or virus, maybe this is the problem? Can I delete this? Please see the code you asked for below. Again many thanks for your help so far.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
    Ran by SYSTEM at 2014-01-06 02:36:13 Run:1
    Running from F:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    BootExecute: autocheck autochk * auto_reactivate \\?\Volume{98119604-90D0-11E1-8225-806E6F6E6963}\bootwiz\asrm.bin
    *****************

    HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.

    ==== End of Fixlog ====
     
  5. Mark1956

    Mark1956 Malware Specialist

    You're welcome. The fix has run ok, but you have not indicated if the system will now boot up.

    AutoKMS is a well-known patch to bypass validation of Microsoft Office. It is not a virus and if you are completely unaware of how it got onto your PC then you have most likely purchased an illegal copy of Office.
     
  6. jacksroller

    jacksroller Thread Starter

    I must apologize, I had no idea it was a fix you sent to me, I thought it was meant to just produce another log file for you. When I read your reply this morning, the penny dropped. I immediately rebooted to see what would happen, and sure enough the computer works as normal. I cannot thank you enough. I never ask for help on forums such as this as I thought that no one would be able to help, thank you. So many other forums have told people with this error message to just reinstall without even trying to fix. Would you mind telling me what the problem was, what caused it and what it was you did to make it work? In layman's speak would be good please, I think it would also be nice for others to know who will come across this thread in the future.
    Is there an option to also leave a donation for your help? If so please tell me how. Once again thank you for all your help, I really do appreciate it.

    Kindest Regards

    Christopher
     
  7. Mark1956

    Mark1956 Malware Specialist

    Not a problem and glad to hear that fix got you up and running again. There is a Donate button at the top of the page if you wish to make a contribution to the site.

    To explain the problem and what fixed it. Acronis left behind an entry (the one we removed with FRST) which tried to launch the program at startup. As the program had been uninstalled it stopped the system during boot up because it could not locate the files it was looking for. This is not an uncommon problem when uninstalling software that leaves remnants behind.

    Now the system is booting correctly you can run FRST directly from the desktop. I will then be able to take out any other remnants and deal with the illegal patch used for Office. Did you buy your copy of Office or obtain it from a free download?

    These are the instructions to run FRST from your desktop, I've included another scan to do a check for Adware.

    Use IE for the downloads and make this change to the settings so downloads go to the desktop and not the downloads folder.

    How to change the download location in IE9, 10 or 11.

    • Open Internet Explorer.
    • Press the CTRL + J keys simultaneously to open the View Downloads window.
    • Click on Options.
    • Click on the Browse button.
    • Navigate to and select (highlight) Desktop in the left pane, then click on the Select Folder button, click on OK and shut the remaining window.
    • Close IE and re-open it for the changes to take effect.



    SCAN 1
    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click on FRST to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.



    SCAN 2
    Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

    [​IMG]
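An added example (not part of the thread and not FRST's own code): a Python sketch of the check behind the fix explained above, auditing the strings of `HKLM\System\ControlSet001\Control\Session Manager\BootExecute` against the `System32` folder of a Windows volume mounted on another machine. Assumptions: the fixlist line is split into two strings, a leading `autocheck` token is a keyword rather than the image, images are looked up as `<name>.exe` in `System32`, and a temporary directory stands in for the mounted volume.

```python
import tempfile
from pathlib import Path

# Stock Windows 7 value; the Fixlog above shows BootExecute being restored.
DEFAULT_ENTRY = "autocheck autochk *"


def parse_entry(entry):
    """Split one BootExecute string into (image_name, arguments).

    Assumption: a leading "autocheck" token is a keyword, not the image.
    """
    tokens = entry.split()
    if tokens and tokens[0].lower() == "autocheck":
        tokens = tokens[1:]
    if not tokens:
        return None, []
    return tokens[0], tokens[1:]


def find_image(system32, image):
    """Case-insensitive lookup of <image>.exe, so the audit also works
    when the Windows volume is mounted on a case-sensitive file system."""
    wanted = image.lower()
    if not wanted.endswith(".exe"):
        wanted += ".exe"
    for child in Path(system32).iterdir():
        if child.is_file() and child.name.lower() == wanted:
            return child
    return None


def audit_boot_execute(entries, system32):
    """Return one finding per BootExecute string."""
    findings = []
    for entry in entries:
        image, args = parse_entry(entry)
        is_default = " ".join(entry.split()).lower() == DEFAULT_ENTRY
        present = image is not None and find_image(system32, image) is not None
        if is_default and present:
            verdict = "ok"
        elif is_default:
            verdict = "default entry but image missing"
        elif present:
            verdict = "non-default entry: review, image present"
        else:
            verdict = "non-default entry: image missing"
        findings.append({
            "entry": entry,
            "image": image,
            "args": args,
            "image_present": present,
            "verdict": verdict,
        })
    return findings


def demo():
    """Audit the value from the thread against a constructed System32."""
    # Constructed input: the fixlist line from the thread, split into the
    # two strings it is assumed to consist of.
    entries = [
        "autocheck autochk *",
        r"auto_reactivate \\?\Volume{98119604-90D0-11E1-8225-806E6F6E6963}\bootwiz\asrm.bin",
    ]
    with tempfile.TemporaryDirectory() as root:
        system32 = Path(root) / "Windows" / "System32"
        system32.mkdir(parents=True)
        (system32 / "autochk.exe").write_bytes(b"")
        # Case 1: the leftover entry points at an image that is gone.
        before = audit_boot_execute(entries, system32)
        # Case 2: the image is still on disk; the entry is still non-default
        # and still needs review, because its own dependencies may be gone.
        (system32 / "Auto_Reactivate.EXE").write_bytes(b"")
        after = audit_boot_execute(entries, system32)
    return before, after


if __name__ == "__main__":
    for label, findings in zip(("image missing", "image present"), demo()):
        print(label)
        for f in findings:
            print("  %-45s %s" % (f["verdict"], f["entry"]))
```

A non-default entry is reported even when its image exists, since the file being present says nothing about whether everything that image needs at boot is still installed.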
     
  8. jacksroller

    jacksroller Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
    Ran by Christopher (administrator) on CHRISTOPHER-PC on 06-01-2014 22:40:30
    Running from C:\Users\Christopher\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Malwarebytes Corporation) P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    (Malwarebytes Corporation) P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
    (DeviceVM) C:\Program Files (x86)\Express Gate\Express Gate Tools\DVMExportService.exe
    (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    (Malwarebytes Corporation) P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe
    (Mentor Graphics Corporation) P:\SolidWorks\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
    (Mentor Graphics Corporation) P:\SolidWorks\SolidWorks Flow Simulation\binCFW\dispatcher.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer Networking Ltd.) P:\spybot\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (Samsung) P:\Kies for kim phone\Kies\Kies.exe
    (Dassault Systèmes SolidWorks Corp.) P:\SolidWorks\SolidWorks\sldworks_fs.exe
    () C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    (Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
    () C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
    (Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4030008 2011-08-09] (ESET)
    HKLM-x32\...\Run: [Ai Nap] - C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [1435136 2009-07-01] ()
    HKLM-x32\...\Run: [QFan Help] - C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
    HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [VMonitorVMUVC] - C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
    HKCU\...\Run: [aliim] - P:\Trademanager\AliIM.exe [293272 2013-08-22] (Alibaba (China) Co., Ltd.)
    HKCU\...\Run: [AdobeBridge] - [x]
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [Google Update] - C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-31] (Google Inc.)
    HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKCU\...\Run: [NVIDIA nTune] - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
    HKCU\...\Run: [] - P:\Kies for kim phone\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
    HKCU\...\Run: [KiesPreload] - P:\Kies for kim phone\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
    AppInit_DLLs: acaptuser64.dll [ ] ()
    Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (All) ===========================

    HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - P:\spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - No File
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - No File
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    Handler-x32: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6721936 2011-06-12] (Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office 2010\Office14\GROOVEEX.DLL [4221328 2011-06-12] (Microsoft Corporation)
    Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Winsock: Catalog5-x64 01 %SystemRoot%\system32\NLAapi.dll [70656] (Microsoft Corporation)
    Winsock: Catalog5-x64 02 %SystemRoot%\system32\napinsp.dll [68096] (Microsoft Corporation)
    Winsock: Catalog5-x64 03 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
    Winsock: Catalog5-x64 04 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
    Winsock: Catalog5-x64 05 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog5-x64 06 %SystemRoot%\System32\winrnr.dll [28672] (Microsoft Corporation)
    Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    Winsock: Catalog9-x64 01 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 02 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 03 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 04 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 05 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 06 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 07 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 08 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 09 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Winsock: Catalog9-x64 10 %SystemRoot%\system32\mswsock.dll [326144] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\eo1ljh33.default
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - P:\Trademanager\npwangwang.dll ( )
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - P:\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - P:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - P:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - P:\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\twitter.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo.xml
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF HKLM-x32\...\Mozilla Firefox 24.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
    FF HKLM-x32\...\Mozilla Firefox 24.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

    Chrome:
    =======
    CHR HomePage:
    CHR DefaultSearchKeyword: google.co.uk
    CHR DefaultSearchProvider: Google
    CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Adobe Acrobat) - P:\Adobe Acrobat Reader\Acrobat\Browser\nppdf32.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Google Update) - C:\Users\Christopher\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Microsoft Office 2010) - P:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - P:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - P:\Trademanager\npwangwang.dll ( )
    CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Replace New Tab Page) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0
    CHR Extension: (Google Search) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
    CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
    CHR StartMenuInternet: Google Chrome - "C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe"

    ==================== Services (Whitelisted) =================

    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
    S3 CoordinatorServiceHost; P:\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [76904 2012-09-28] (Dassault Systèmes SolidWorks Corp.)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-08-09] (ESET)
    R2 MBAMScheduler; P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; P:\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MDES; C:\Program Files (x86)\Express Gate\Express Gate Tools\DVMExportService.exe [315392 2009-02-18] (DeviceVM)
    S3 Microsoft SharePoint Workspace Audit Service; P:\Office 2010\Office14\GROOVE.EXE [31125880 2011-06-12] (Microsoft Corporation)
    R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)
    R2 RemoteSolverDispatcher; P:\SolidWorks\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
    R2 SBSDWSCService; P:\spybot\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
    R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-01-20] ()
    S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [14216 2010-01-20] ()
    R0 EUBAKUP; C:\Windows\SysWow64\drivers\eubakup.sys [30600 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [137608 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 EUDSKACS; C:\Windows\sysWow64\drivers\eudskacs.sys [17800 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    R0 EUFS; C:\Windows\SysWow64\drivers\eufs.sys [26504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-01-20] ()
    S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [8456 2010-01-20] ()
    S3 LGDDCDevice; C:\Windows\SysWow64\LGI2CDriver.sys [16384 2012-02-16] (LG Soft India)
    S3 LGII2CDevice; C:\Windows\SysWow64\LGPII2CDriver.sys [10240 2012-05-23] (LG Soft India)
    S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [43456 2010-10-02] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 mrdd; C:\Windows\System32\DRIVERS\mrdd.sys [22568 2008-11-12] (Marvell Semiconductor, Inc.)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
    R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-12-13] (Acronis)
    S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
    S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
    R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
    S3 PCANDIS4; \??\C:\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-06 22:40 - 2014-01-06 22:40 - 00033189 _____ C:\Users\Christopher\Desktop\FRST.txt
    2014-01-06 22:26 - 2014-01-06 22:27 - 01931762 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
    2014-01-06 22:18 - 2014-01-06 22:18 - 00003001 _____ C:\Users\Christopher\Desktop\AdwCleaner[S0].txt
    2014-01-06 22:17 - 2014-01-06 22:17 - 00000000 ____D C:\ProgramData\boost_interprocess
    2014-01-06 22:13 - 2014-01-06 22:15 - 00000000 ____D C:\AdwCleaner
    2014-01-06 22:10 - 2014-01-06 22:10 - 01233962 _____ C:\Users\Christopher\Desktop\AdwCleaner.exe
    2014-01-06 22:05 - 2014-01-06 22:16 - 00006949 ____N C:\Windows\WindowsUpdate.log
    2014-01-06 15:05 - 2014-01-06 15:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{0FBD7E88-4FD7-4C7F-8413-82D46E19C4BD}
    2014-01-06 13:49 - 2014-01-06 13:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F607590F-0600-4946-8CB2-36D3F6A3DA6D}
    2014-01-06 13:42 - 2010-05-30 10:51 - 06361088 _____ (Martin Prikryl) C:\Users\Christopher\Desktop\WinSCP.exe
    2014-01-06 13:40 - 2013-08-01 18:42 - 00001086 _____ C:\Users\Christopher\Desktop\MicroCapture.lnk
    2014-01-06 13:40 - 2013-06-27 15:28 - 05442530 _____ C:\Users\Christopher\Desktop\smaller video converted.wmv
    2014-01-06 13:40 - 2013-06-14 19:35 - 00001865 _____ C:\Users\Christopher\Desktop\Jacks-Server (DSL-N55U) - Shortcut.lnk
    2014-01-06 13:40 - 2013-06-09 21:17 - 00001053 _____ C:\Users\Christopher\Desktop\Dropbox.lnk
    2014-01-06 13:36 - 2014-01-06 13:59 - 00000000 ___RD C:\Users\Christopher\Desktop\Star Signs to Print
    2014-01-06 13:36 - 2014-01-06 13:36 - 00000000 ____D C:\Users\Christopher\Desktop\svg files
    2014-01-06 13:32 - 2014-01-06 22:17 - 00000000 ___RD C:\Users\Christopher\Desktop\Dropbox
    2014-01-06 13:32 - 2014-01-06 15:27 - 00000000 ____D C:\Users\Christopher\Desktop\Heisenberg Says
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\eBay code
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touck Kim!
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch kim 150 x 100
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch Kim 100 x 250
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch Kim 100 x 200
    2014-01-06 13:10 - 2014-01-06 13:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{B58741DA-8B1D-4BE2-B307-22B6198D5EE1}
    2014-01-06 12:28 - 2014-01-06 22:23 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Skype
    2014-01-06 12:18 - 2014-01-06 12:18 - 00000000 ____D C:\Users\Christopher\AppData\Local\{4BE286A3-E6D0-4501-9317-B023D32F33C1}
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{AC8D70E5-30EE-4432-8114-FB48DB388C05}
    2014-01-06 12:14 - 2014-01-06 12:14 - 00000000 ____D C:\Users\Christopher\AppData\Local\{434B5DB8-9118-4A8A-944F-1766A799C3FB}
    2014-01-06 06:54 - 2014-01-06 06:54 - 00000000 ____D C:\NBRT
    2014-01-04 06:28 - 2014-01-04 06:28 - 00000000 ____D C:\FRST
    2014-01-02 12:10 - 2014-01-02 12:11 - 00000000 ____D C:\Users\Christopher\AppData\Local\{190CC1D3-86A9-404C-8C79-A91417872025}
    2013-12-31 23:17 - 2013-12-31 23:17 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F2F12CE8-DB0F-4052-B835-72E89EC11349}
    2013-12-29 18:02 - 2013-12-29 18:02 - 00000000 ____D C:\Users\Christopher\AppData\Local\{49A066D3-5D57-4762-8EF4-FD4B17D94A0B}
    2013-12-27 16:36 - 2013-12-27 16:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{4A6FEC1C-190B-4D35-A45C-C7CDAB020C75}
    2013-12-26 21:25 - 2013-08-21 04:31 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
    2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CC5B5904-B74A-4F60-A2DD-A778056FDCD8}
    2013-12-25 10:42 - 2013-12-25 22:43 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8B7B8C87-CCCE-4ACE-A775-C155246F95A6}
    2013-12-24 15:30 - 2013-12-24 15:31 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8B43BDE9-539A-4DAC-9BB2-CD3FE337A799}
    2013-12-23 11:05 - 2013-12-23 11:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DD6E67A9-02EE-450B-8C39-81DDB5624C21}
    2013-12-22 11:04 - 2013-12-22 23:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{3C26BAC7-FFE7-40A4-904C-71C54CA5B1B7}
    2013-12-21 10:23 - 2013-12-21 10:23 - 00000000 ____D C:\Users\Christopher\AppData\Local\{0778338D-87A9-49E8-BADF-F236B5312EAC}
    2013-12-20 07:34 - 2013-12-20 19:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{99660F0C-6445-468F-BFE3-C4896482065C}
    2013-12-19 19:32 - 2013-12-19 19:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5A319711-2C5B-43A3-B801-AE9E5437F3D7}
    2013-12-19 07:32 - 2013-12-19 07:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5BB964D4-1114-44A9-9AFE-C232F8F147E1}
    2013-12-18 07:37 - 2013-12-18 07:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{930F0F82-6D6D-4815-A728-B483A7EC1CB8}
    2013-12-17 20:35 - 2014-01-06 21:12 - 00000011 _____ C:\Windows\EuBcd.ini
    2013-12-17 20:08 - 2009-12-02 12:21 - 00026504 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eufs.sys
    2013-12-17 20:07 - 2013-12-17 20:07 - 00000830 _____ C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    2013-12-17 20:07 - 2009-12-02 12:20 - 00137608 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuDisk.sys
    2013-12-17 20:07 - 2009-12-02 12:20 - 00030600 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eubakup.sys
    2013-12-17 20:07 - 2009-12-02 12:20 - 00017800 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\SysWOW64\Drivers\eudskacs.sys
    2013-12-17 07:37 - 2013-12-17 19:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DA84C86A-7EE4-43FB-A3C1-4A5E201646E2}
    2013-12-16 19:36 - 2013-12-16 19:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F90B2B5C-5DF4-46D9-AEE4-F250377B5E7C}
    2013-12-16 07:36 - 2013-12-16 07:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{479B07AE-2D74-409B-AF04-B6F6690928DB}
    2013-12-15 11:44 - 2013-12-15 11:44 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5D7F1445-4702-419E-991A-BDDEF39BCB66}
    2013-12-14 11:36 - 2013-12-14 11:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E1738A61-974A-4467-97B6-65B82CEFAB1B}
    2013-12-13 22:18 - 2013-12-13 22:18 - 03556696 _____ (Acronis) C:\Windows\system32\auto_reactivate.exe
    2013-12-13 22:18 - 2013-12-13 22:18 - 00000000 _RSHD C:\bootwiz
    2013-12-13 22:06 - 2013-12-13 22:06 - 01322120 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
    2013-12-13 22:06 - 2013-12-13 22:06 - 00340104 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
    2013-12-13 22:06 - 2013-12-13 22:06 - 00156296 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
    2013-12-13 20:59 - 2013-12-13 20:59 - 00000000 ____D C:\Users\Christopher\AppData\Local\{96A4600F-7465-4A6C-933F-63150A2D22C2}
    2013-12-13 08:16 - 2013-12-13 08:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CE1B75F0-2413-4EDB-8978-F2BD8BC8C843}
    2013-12-12 17:07 - 2013-02-09 13:25 - 03035306 _____ C:\Windows\system32\nvcoproc.bin
    2013-12-12 17:06 - 2013-12-12 17:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\{43FCDABB-12C6-4C91-B818-14534AF6C5EB}
    2013-12-12 08:20 - 2013-12-12 17:04 - 00000000 ____D C:\Program Files\WhoCrashed
    2013-12-12 08:05 - 2013-12-12 08:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7C4F3EBA-2F07-4B79-819A-49F1C6C9AF78}
    2013-12-11 19:35 - 2013-12-11 19:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{507672C5-94B0-4934-8524-84ED3B2C1D5D}
    2013-12-11 07:35 - 2013-12-11 07:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{A9F2EEEB-A4BA-4BE5-B22C-8CEB6A32E7E9}
    2013-12-10 07:34 - 2013-12-10 19:34 - 00000000 ____D C:\Users\Christopher\AppData\Local\{1C3BD2D6-A667-4E53-9497-2E1FC7E19072}
    2013-12-09 07:30 - 2013-12-09 19:31 - 00000000 ____D C:\Users\Christopher\AppData\Local\{2D7DF771-DBA4-46A4-8050-0C108B42B1A2}
    2013-12-08 12:10 - 2013-12-08 12:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8BD5D8B6-F597-4605-BAE7-649A244E3246}

    ==================== One Month Modified Files and Folders =======

    2014-01-06 22:40 - 2014-01-06 22:40 - 00033189 _____ C:\Users\Christopher\Desktop\FRST.txt
    2014-01-06 22:39 - 2009-07-14 05:13 - 00782790 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-06 22:27 - 2014-01-06 22:26 - 01931762 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
    2014-01-06 22:24 - 2009-07-14 04:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-06 22:24 - 2009-07-14 04:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-06 22:23 - 2014-01-06 12:28 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Skype
    2014-01-06 22:18 - 2014-01-06 22:18 - 00003001 _____ C:\Users\Christopher\Desktop\AdwCleaner[S0].txt
    2014-01-06 22:17 - 2014-01-06 22:17 - 00000000 ____D C:\ProgramData\boost_interprocess
    2014-01-06 22:17 - 2014-01-06 13:32 - 00000000 ___RD C:\Users\Christopher\Desktop\Dropbox
    2014-01-06 22:17 - 2012-04-30 18:57 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Dropbox
    2014-01-06 22:17 - 2012-04-04 16:51 - 00000000 ____D C:\Users\Christopher\Tracing
    2014-01-06 22:17 - 2012-04-02 20:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-06 22:17 - 2012-04-02 19:56 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-06 22:17 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-06 22:16 - 2014-01-06 22:05 - 00006949 ____N C:\Windows\WindowsUpdate.log
    2014-01-06 22:15 - 2014-01-06 22:13 - 00000000 ____D C:\AdwCleaner
    2014-01-06 22:10 - 2014-01-06 22:10 - 01233962 _____ C:\Users\Christopher\Desktop\AdwCleaner.exe
    2014-01-06 22:08 - 2012-04-02 20:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-01-06 21:44 - 2012-07-31 14:54 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000UA.job
    2014-01-06 21:12 - 2013-12-17 20:35 - 00000011 _____ C:\Windows\EuBcd.ini
    2014-01-06 19:43 - 2012-07-31 14:54 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000Core.job
    2014-01-06 16:59 - 2012-04-03 18:55 - 00000000 ____D C:\Users\Christopher\Documents\Outlook Files
    2014-01-06 15:35 - 2012-05-02 18:30 - 04576768 ___SH C:\Users\Christopher\Desktop\Thumbs.db
    2014-01-06 15:27 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Heisenberg Says
    2014-01-06 15:05 - 2014-01-06 15:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{0FBD7E88-4FD7-4C7F-8413-82D46E19C4BD}
    2014-01-06 13:59 - 2014-01-06 13:36 - 00000000 ___RD C:\Users\Christopher\Desktop\Star Signs to Print
    2014-01-06 13:49 - 2014-01-06 13:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F607590F-0600-4946-8CB2-36D3F6A3DA6D}
    2014-01-06 13:36 - 2014-01-06 13:36 - 00000000 ____D C:\Users\Christopher\Desktop\svg files
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\eBay code
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touck Kim!
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch kim 150 x 100
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch Kim 100 x 250
    2014-01-06 13:32 - 2014-01-06 13:32 - 00000000 ____D C:\Users\Christopher\Desktop\Don't touch Kim 100 x 200
    2014-01-06 13:20 - 2012-04-03 22:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\Adobe
    2014-01-06 13:10 - 2014-01-06 13:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{B58741DA-8B1D-4BE2-B307-22B6198D5EE1}
    2014-01-06 12:18 - 2014-01-06 12:18 - 00000000 ____D C:\Users\Christopher\AppData\Local\{4BE286A3-E6D0-4501-9317-B023D32F33C1}
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{AC8D70E5-30EE-4432-8114-FB48DB388C05}
    2014-01-06 12:15 - 2012-06-18 19:40 - 00000000 ____D C:\Users\Christopher\AppData\Local\TempSWBackupDirectory
    2014-01-06 12:15 - 2012-06-18 18:14 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\SolidWorks
    2014-01-06 12:14 - 2014-01-06 12:14 - 00000000 ____D C:\Users\Christopher\AppData\Local\{434B5DB8-9118-4A8A-944F-1766A799C3FB}
    2014-01-06 06:54 - 2014-01-06 06:54 - 00000000 ____D C:\NBRT
    2014-01-05 18:44 - 2012-10-17 08:27 - 00000000 __SHD C:\found.001
    2014-01-05 18:44 - 2012-04-28 10:54 - 00000000 __SHD C:\found.000
    2014-01-04 06:28 - 2014-01-04 06:28 - 00000000 ____D C:\FRST
    2014-01-02 18:10 - 2012-09-12 21:27 - 00033172 _____ C:\eof.txt
    2014-01-02 12:11 - 2014-01-02 12:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{190CC1D3-86A9-404C-8C79-A91417872025}
    2013-12-31 23:17 - 2013-12-31 23:17 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F2F12CE8-DB0F-4052-B835-72E89EC11349}
    2013-12-29 18:02 - 2013-12-29 18:02 - 00000000 ____D C:\Users\Christopher\AppData\Local\{49A066D3-5D57-4762-8EF4-FD4B17D94A0B}
    2013-12-27 16:36 - 2013-12-27 16:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{4A6FEC1C-190B-4D35-A45C-C7CDAB020C75}
    2013-12-27 16:36 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-26 21:25 - 2013-09-17 12:31 - 00000792 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CC5B5904-B74A-4F60-A2DD-A778056FDCD8}
    2013-12-25 22:43 - 2013-12-25 10:42 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8B7B8C87-CCCE-4ACE-A775-C155246F95A6}
    2013-12-24 15:31 - 2013-12-24 15:30 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8B43BDE9-539A-4DAC-9BB2-CD3FE337A799}
    2013-12-23 11:05 - 2013-12-23 11:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DD6E67A9-02EE-450B-8C39-81DDB5624C21}
    2013-12-22 23:05 - 2013-12-22 11:04 - 00000000 ____D C:\Users\Christopher\AppData\Local\{3C26BAC7-FFE7-40A4-904C-71C54CA5B1B7}
    2013-12-22 14:12 - 2013-11-03 17:18 - 00000400 __RSH C:\ProgramData\ntuser.pol
    2013-12-21 10:23 - 2013-12-21 10:23 - 00000000 ____D C:\Users\Christopher\AppData\Local\{0778338D-87A9-49E8-BADF-F236B5312EAC}
    2013-12-20 19:35 - 2013-12-20 07:34 - 00000000 ____D C:\Users\Christopher\AppData\Local\{99660F0C-6445-468F-BFE3-C4896482065C}
    2013-12-19 19:32 - 2013-12-19 19:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5A319711-2C5B-43A3-B801-AE9E5437F3D7}
    2013-12-19 07:32 - 2013-12-19 07:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5BB964D4-1114-44A9-9AFE-C232F8F147E1}
    2013-12-18 08:15 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
    2013-12-18 07:37 - 2013-12-18 07:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{930F0F82-6D6D-4815-A728-B483A7EC1CB8}
    2013-12-17 20:07 - 2013-12-17 20:07 - 00000830 _____ C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    2013-12-17 19:37 - 2013-12-17 07:37 - 00000000 ____D C:\Users\Christopher\AppData\Local\{DA84C86A-7EE4-43FB-A3C1-4A5E201646E2}
    2013-12-16 19:36 - 2013-12-16 19:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{F90B2B5C-5DF4-46D9-AEE4-F250377B5E7C}
    2013-12-16 07:36 - 2013-12-16 07:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{479B07AE-2D74-409B-AF04-B6F6690928DB}
    2013-12-15 11:44 - 2013-12-15 11:44 - 00000000 ____D C:\Users\Christopher\AppData\Local\{5D7F1445-4702-419E-991A-BDDEF39BCB66}
    2013-12-14 11:36 - 2013-12-14 11:36 - 00000000 ____D C:\Users\Christopher\AppData\Local\{E1738A61-974A-4467-97B6-65B82CEFAB1B}
    2013-12-13 22:18 - 2013-12-13 22:18 - 03556696 _____ (Acronis) C:\Windows\system32\auto_reactivate.exe
    2013-12-13 22:18 - 2013-12-13 22:18 - 00000000 _RSHD C:\bootwiz
    2013-12-13 22:06 - 2013-12-13 22:06 - 01322120 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
    2013-12-13 22:06 - 2013-12-13 22:06 - 00340104 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
    2013-12-13 22:06 - 2013-12-13 22:06 - 00156296 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
    2013-12-13 20:59 - 2013-12-13 20:59 - 00000000 ____D C:\Users\Christopher\AppData\Local\{96A4600F-7465-4A6C-933F-63150A2D22C2}
    2013-12-13 08:16 - 2013-12-13 08:16 - 00000000 ____D C:\Users\Christopher\AppData\Local\{CE1B75F0-2413-4EDB-8978-F2BD8BC8C843}
    2013-12-12 19:16 - 2012-04-02 20:45 - 00000000 ____D C:\Users\Christopher\AppData\Local\Akamai
    2013-12-12 17:07 - 2012-04-02 19:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-12-12 17:06 - 2013-12-12 17:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\{43FCDABB-12C6-4C91-B818-14534AF6C5EB}
    2013-12-12 17:06 - 2012-04-02 19:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-12-12 17:05 - 2012-04-02 19:35 - 00000000 ____D C:\Users\Christopher
    2013-12-12 17:04 - 2013-12-12 08:20 - 00000000 ____D C:\Program Files\WhoCrashed
    2013-12-12 17:04 - 2012-04-05 09:23 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-12-12 17:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
    2013-12-12 08:05 - 2013-12-12 08:05 - 00000000 ____D C:\Users\Christopher\AppData\Local\{7C4F3EBA-2F07-4B79-819A-49F1C6C9AF78}
    2013-12-11 19:35 - 2013-12-11 19:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{507672C5-94B0-4934-8524-84ED3B2C1D5D}
    2013-12-11 07:35 - 2013-12-11 07:35 - 00000000 ____D C:\Users\Christopher\AppData\Local\{A9F2EEEB-A4BA-4BE5-B22C-8CEB6A32E7E9}
    2013-12-10 19:34 - 2013-12-10 07:34 - 00000000 ____D C:\Users\Christopher\AppData\Local\{1C3BD2D6-A667-4E53-9497-2E1FC7E19072}
    2013-12-09 19:31 - 2013-12-09 07:30 - 00000000 ____D C:\Users\Christopher\AppData\Local\{2D7DF771-DBA4-46A4-8050-0C108B42B1A2}
    2013-12-08 12:10 - 2013-12-08 12:10 - 00000000 ____D C:\Users\Christopher\AppData\Local\{8BD5D8B6-F597-4605-BAE7-649A244E3246}

    Some content of TEMP:
    ====================
    C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-01 01:16

    ==================== End Of Log ============================
     
  9. jacksroller

    jacksroller Thread Starter

    Joined:
    Jan 5, 2014
    Messages:
    8
    # AdwCleaner v3.016 - Report created 06/01/2014 at 22:15:44
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Christopher - CHRISTOPHER-PC
    # Running from : C:\Users\Christopher\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    Folder Deleted : C:\Program Files (x86)\myfree codec

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKCU\Software\FLEXnet
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\Software\Myfree Codec
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\eo1ljh33.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3044 octets] - [06/01/2014 22:13:54]
    AdwCleaner[S0].txt - [2853 octets] - [06/01/2014 22:15:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2913 octets] ##########
     
  10. jacksroller

    jacksroller Thread Starter

    Joined:
    Jan 5, 2014
    Messages:
    8
    Please see both reports requested above. Again, thank you for all your help; I will make a donation to the website. The Office software along with other software came complete with a used laptop purchased for my son from a well-known auction website. There didn't seem to be anything wrong with the CD or the serial number; it installed fine, no problems at all. If there is something that you can do to fix any issues with my computer or let me know how to do this, that would be great! I don't want anything dodgy on my PC; if the only way to get rid of this is to do a new install then I am willing to do that.

    Thank you again.
     
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    I also need to see the other log from FRST, Addition.txt; it should be saved on your desktop. If it isn't, run FRST again and make sure there is a check mark next to Addition.txt before you click on the Scan button. You need only post the Addition.txt log; don't post the new FRST.txt log as we already have it.

    The log above is showing some issues and the AutoKMS patch for Office appears to have been deleted since the last FRST scan was done.

    I'll put together a script to remove any bad entries once I have the other log.
     
  12. jacksroller

    jacksroller Thread Starter

    Joined:
    Jan 5, 2014
    Messages:
    8
    Thank you. Please see below....

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
    Ran by Christopher at 2014-01-07 08:18:02
    Running from C:\Users\Christopher\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Leawo DVD Creator version 4.3.0.0 (x32 Version: - )
    Acronis Backup & Recovery 11.5 Agent Core (x32 Version: 11.5.32266 - Acronis)
    Acronis Backup & Recovery 11.5 Command-Line Tool (x32 Version: 11.5.32266 - Acronis)
    Acronis Backup & Recovery 11.5 Tray Monitor (x32 Version: 11.5.32266 - Acronis)
    Acronis Backup & Recovery 11.5*Agent for Windows (x32 Version: 11.5.32266 - Acronis)
    Acronis Backup & Recovery 11.5*Bootable Media Builder (x32 Version: 11.5.32266 - Acronis)
    Acronis Backup & Recovery 11.5*Management*Console (x32 Version: 11.5.32266 - Acronis)
    Adobe Acrobat XI Pro (x32 Version: 11.0.01 - Adobe Systems)
    Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
    Adobe Creative Suite 5 Master Collection (x32 Version: 5.0 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (x32 Version: 10.1.52.14 - Adobe Systems, Inc.)
    Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228 - Adobe Systems Incorporated)
    Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
    Adobe Illustrator CS6 (x32 Version: 16.0 - Adobe Systems Incorporated)
    Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
    Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
    Adobe Reader 64-bit fixes (Version: - Leo Davidson / Pretentious Name)
    AI Suite (x32 Version: 1.05.33 - )
    Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
    Allok Video Converter 4.4.0208 (x32 Version: - Allok Soft Inc.)
    Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
    Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    Camtasia Studio 7 (x32 Version: 7.0.0 - TechSmith Corporation)
    Ccleaner Business Edition x64 x86 Tom_Da_Man (HKCU Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
    DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
    Digital microscope (x32 Version: 2009.03.18 - Vimicro Corp.)
    Dragon NaturallySpeaking 11 (x32 Version: 11.50.100 - Nuance Communications Inc.)
    Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
    DVD Shrink 3.2 (x32 Version: - DVD Shrink)
    EASEUS Partition Master 5.0.1 Professional (x32 Version: - EASEUS)
    EASEUS Todo Backup 1.1 (x32 Version: - EASEUS)
    EPSON P50 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
    EPSON Scan (x32 Version: - Seiko Epson Corporation)
    EPU-6 Engine (x32 Version: 1.03.04 - )
    ESET NOD32 Antivirus (Version: 5.0.93.0 - ESET, spol. s r.o.)
    Express Gate Tools (x32 Version: 1.0.0.7 - DeviceVM, Inc.)
    FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
    gBurner (x32 Version: - )
    Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
    hueyPRO 1.5.1 (x32 Version: - Pantone & X-Rite)
    iTunes (Version: 10.7.0.21 - Apple Inc.)
    Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 31 (x32 Version: 6.0.310 - Oracle)
    KeyShot4 4.0 64 bit (x32 Version: 4.0 64 bit - Luxion ApS)
    K-Lite Codec Pack 7.0.0 (Basic) (x32 Version: 7.0.0 - )
    Lagarith Lossless Codec (1.3.27) (x32 Version: - )
    Magic ISO Maker v5.5 (build 0281) (x32 Version: - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    marvell 61xx (x32 Version: 1.2.0.68 - Marvell)
    Marvell Miniport Driver (x32 Version: 11.10.5.3 - Marvell)
    MicroCapture 2.0 (x32 Version: 2.0 - )
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
    Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0 - Mozilla)
    Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
    Nero 2014 (x32 Version: 15.0.02200 - Nero AG)
    Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
    Nero Blu-ray Player (x32 Version: 12.0.20031 - Nero AG) Hidden
    Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.22500 - Nero AG) Hidden
    Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Effects Basic (x32 Version: 15.0.10010 - Nero AG) Hidden
    Nero Express (x32 Version: 15.0.19000 - Nero AG) Hidden
    Nero Info (x32 Version: 15.1.0023 - Nero AG) Hidden
    Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Launcher (x32 Version: 15.0.8000 - Nero AG) Hidden
    Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
    Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
    NVIDIA 3D Vision Controller Driver 314.07 (Version: 314.07 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 314.07 (Version: 314.07 - NVIDIA Corporation)
    NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 314.07 (Version: 314.07 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
    NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation)
    NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
    PC Probe II (x32 Version: 1.04.75 - ASUSTek)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
    PSD Codec by Ardfry Imaging, LLC (32 bit) (x32 Version: 1.0.0.0 - Ardfry Imaging, LLC)
    PSD Codec by Ardfry Imaging, LLC (64 bit) (Version: 1.0.0.0 - Ardfry Imaging, LLC)
    PSD CODEC Version 1.0 (Version: - Ardfry Imaging, LLC)
    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
    QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
    Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    Serif DrawPlus X5 (x32 Version: 12.0.0.017 - Serif (Europe) Ltd)
    Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)
    SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
    SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation)
    SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
    SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
    SolidWorks Flow Simulation 2013 SP0 x64 Edition (Version: 21.00.5025 - SolidWorks Corporation) Hidden
    SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
    Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
    System Requirements Lab (x32 Version: - )
    TradeManager 2011 SP2 (x32 Version: - Alisoft)
    TrueColorFinder Software (x32 Version: 1.8.5 - LG Soft India Pvt Ltd)
    Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553092) (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)
    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.0 - Nuance Communications Inc.)
    Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (Version: - )
    WinX HD Video Converter Deluxe 3.10.3 (x32 Version: - Digiarty Software,Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-14 02:34 - 2013-01-08 21:52 - 00006949 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 3dns-2.adobe.com #192.150.22.22
    127.0.0.1 3dns-3.adobe.com #192.150.14.21
    127.0.0.1 3dns-4.adobe.com #192.150.18.247
    127.0.0.1 3dns-5.adobe.com #192.150.22.46
    127.0.0.1 adobe-dns.adobe.com #192.150.11.30
    127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
    127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
    127.0.0.1 adobe.activate.com #69.175.22.26
    127.0.0.1 activate.adobe.com #192.150.22.40
    127.0.0.1 activate.wip3.adobe.com #192.150.22.40
    127.0.0.1 activate.wip4.adobe.com #192.150.22.40
    127.0.0.1 activate-sea.adobe.com #192.150.22.40
    127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
    127.0.0.1 ereg.adobe.com #192.150.18.103
    127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
    127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
    127.0.0.1 practivate.adobe.com #192.150.18.54
    127.0.0.1 www.wip3.adobe.com #192.150.8.60
    127.0.0.1 www.wip4.adobe.com #192.150.18.200
    127.0.0.1 www.adobeereg.com #75.125.24.83
    127.0.0.1 adobeereg.com #207.66.2.10
    127.0.0.1 hl2rcv.adobe.com #192.150.14.174
    127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
    127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
    127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
    127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
    127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
    127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
    127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36

    There are 88 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {2C2361E7-6921-4D06-B188-1A89E557F1AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000UA => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31] (Google Inc.)
    Task: {3BFEAC3B-8DD0-4461-96BD-B41F89CCAA48} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
    Task: {45AC58C0-E75E-4BB0-B852-811BD53D8E25} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
    Task: {581C1F92-A42D-4BA4-BC76-67DFCC1C3656} - \AutoKMS No Task File
    Task: {5C0F8405-12C8-4E02-A475-FD59BFE55A30} - System32\Tasks\ASUS\Launch AI Direct Link => C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
    Task: {869960DB-7AFA-49EB-8650-75191532FDB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000Core => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31] (Google Inc.)
    Task: {8C39D2D2-4215-4EE6-9258-F06C650F0070} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02] (Adobe Systems Incorporated)
    Task: {930A3072-A49C-4792-BB85-CC264B57A0D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A1A37C7A-9AA5-423E-82A1-E935711B6672} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2010-03-08] (ASUSTeK Computer Inc.)
    Task: {A6E5D639-C4DA-4C58-B999-185163986D1D} - System32\Tasks\{0C9FEFD2-E4B2-4DDF-AFC7-B286F0262ACF} => Iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
    Task: {B96EC538-A08B-4ACD-81D7-5DD22EFBB6F1} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
    Task: {FA1CD9F9-EF0B-4A01-B241-54D2E523DE05} - System32\Tasks\AdobeAAMUpdater-1.0-CHRISTOPHER-PC-Christopher => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-15] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000Core.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-652491782-1900994055-1619452371-1000UA.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2012-09-28 04:50 - 2012-09-28 04:50 - 00272488 _____ () P:\SolidWorks\SolidWorks\sldBodyDiffu.dll
    2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-04-02 21:57 - 2009-04-22 19:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
    2012-04-02 21:57 - 2009-08-27 18:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
    2012-04-02 21:57 - 2009-08-27 18:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
    2013-03-13 20:48 - 2013-03-13 20:48 - 24978944 _____ () C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-04-02 21:11 - 2008-02-25 14:08 - 00208896 _____ () C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
    2012-04-02 21:11 - 2007-01-03 21:25 - 00008704 _____ () C:\Program Files\ASUS\Ai Suite\AiNap\vvc.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============

    Name: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
    Description: ASUS PCE-N53 300Mbps 11n Dual band Wireless LAN PCI-E Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ASUSTeK Computer Inc.
    Service: netr28x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/07/2014 08:16:32 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 10:17:23 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 10:03:43 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 08:55:10 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 08:47:28 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 06:04:26 PM) (Source: .NET Runtime) (User: )
    Description: .NET Runtime version 4.0.30319.530 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1420. Message ID: [0x2509].

    Error: (01/06/2014 05:12:54 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:10:02 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:05:41 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:03:06 PM) (Source: Outlook) (User: )
    Description: Failed to determine if the store is in the crawl scope (error=0x8007041d).


    System errors:
    =============
    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: Service Control Manager) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (01/07/2014 08:16:48 AM) (Source: PNRPSvc) (User: )
    Description: 0x80630801

    Error: (01/07/2014 08:16:48 AM) (Source: PNRPSvc) (User: )
    Description: 0x80630801


    Microsoft Office Sessions:
    =========================
    Error: (01/07/2014 08:16:32 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 10:17:23 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 10:03:43 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 08:55:10 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 08:47:28 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 06:04:26 PM) (Source: .NET Runtime)(User: )
    Description: .NET Runtime version 4.0.30319.530 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1420. Message ID: [0x2509].

    Error: (01/06/2014 05:12:54 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:10:02 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:05:41 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/06/2014 05:03:06 PM) (Source: Outlook)(User: )
    Description: 0x8007041d


    CodeIntegrity Errors:
    ===================================
    Date: 2012-05-03 21:42:27.478
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:27.447
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:27.431
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:27.415
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:20.581
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:20.565
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:20.550
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:20.519
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:13.195
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-05-03 21:42:13.179
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\CHRIST~1\Desktop\DG834R~1\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 37%
    Total physical RAM: 4095.05 MB
    Available physical RAM: 2570.16 MB
    Total Pagefile: 8188.3 MB
    Available Pagefile: 6636.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (SSD Windows 7) (Fixed) (Total:103.5 GB) (Free:49.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive p: (SSD Programs) (Fixed) (Total:15.75 GB) (Free:4.5 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 83F8CE7D)
    Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=16 GB) - (Type=OF Extended)

    ==================== End Of Log ============================
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    There is another pirated product on your system; it is an Adobe product, most probably Adobe Illustrator and/or the Creative Suite. There are entries in the Hosts file which block connection with the Adobe site so that the product remains activated; these entries will have to be removed, so the product will then not be usable.

    Please uninstall the Adobe products that are not genuine. Did you remove the AutoKMS activator?

    There also appears to be a lot of Acronis items still on the system which you said you had uninstalled.

    We had better run a licence check on your system to see if the copy of Office you have is actually genuine or not. If you received a genuine disk with a valid product key this scan will show if it is ok or not.


    • To run the tool, click on this link: MGADiag
    • In the File Download - Security Warning dialog box, click Run.
    • In the Internet Explorer - Security Warning dialog box, click Run.
    • In the Microsoft Genuine Advantage Diagnostic Tool dialog box, click Continue.
    • When the MGADIAG tool finishes, ensure it is displaying the information under the Windows tab and click Copy.
    • Come back to this thread and right click on the message box and select Paste from the pop up menu and the results will appear, then submit the message.
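
The kind of hosts-file check that surfaces entries like those described in the post above, as an added example (not part of the thread and not FRST's own logic). The sample hosts content and its `.example` domains are constructed, and grouping names by their last two labels is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the style of a Windows hosts file; all domains are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.vendor.example #203.0.113.10
127.0.0.1 ereg.vendor.example practivate.vendor.example
0.0.0.0   updates.vendor.example   # constructed entry
192.0.2.15 intranet.corp.example
not-an-ip broken.line.example
"""

# Names that are normally mapped to loopback and are not worth reporting.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def is_sinkhole(addr_text):
    """True for loopback/unspecified addresses, False for others, None if malformed."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return None
    return addr.is_loopback or addr.is_unspecified


def parent_domain(host):
    """Grouping key: last two labels (assumption: no public-suffix handling)."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def audit_hosts(text):
    """Return ({parent domain: [sinkholed names]}, [line numbers that failed to parse])."""
    sinkholed = defaultdict(list)
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        verdict = is_sinkhole(fields[0])
        if verdict is None or len(fields) < 2:
            malformed.append(lineno)
            continue
        if not verdict:
            continue  # an ordinary static mapping, not a block entry
        for name in fields[1:]:  # one line may carry several host names
            if name.lower() not in BENIGN_NAMES:
                sinkholed[parent_domain(name)].append(name.lower())
    return dict(sinkholed), malformed


if __name__ == "__main__":
    groups, bad_lines = audit_hosts(SAMPLE_HOSTS)
    for domain, names in sorted(groups.items()):
        print(f"{domain}: {len(names)} name(s) redirected to a non-routable address")
        for name in names:
            print(f"    {name}")
    if bad_lines:
        print("unparseable lines:", bad_lines)
```

Many names under one vendor domain all pointing at loopback is the pattern to review; a single blocked name is more often an ad-blocking or test entry.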
     
  14. jacksroller

    jacksroller Thread Starter

    Joined:
    Jan 5, 2014
    Messages:
    8
    Thank you again for your reply. I've finished work late tonight so will follow your instructions tomorrow. I must say I have been very concerned with some of the things you have found on my computer. I have tried to get in touch with the person I purchased the computer and software from, but so far I have had no reply.

    I have not removed any KMS program, but have run a few virus scans. At this point I am so concerned I am thinking it is best to wipe the system and start again. The important thing for me was to get family pictures off of my system, which you have helped with. Can you offer me a good clean way to remove everything from my system so it is completely clean?

    Kind Regards
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
Short URL to this thread: https://techguy.org/1116819
