Bleeping noise on start up and multiple pages opening


  • This topic is locked
338 replies to this topic

#1 woodville

Posted 04 March 2014 - 09:23 AM

This post has been redirected from the 'Am I infected' forum. A bleeping, alarm-type noise begins as I start this laptop and continues until the Packard Bell logo goes and Windows starts to load. When I click on Chrome a window opens stating that Windows Explorer has stopped working and Windows is searching for a solution to the problem. I then get lots of Chrome pages opening and also (on occasions) pages of other programmes etc. that the cursor has gone near. If I am able to use the Task Manager there are lots of processes running.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by kelcie at 13:57:05 on 2014-03-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4026.2510 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F17FCF5C-2AE4-4D7E-A305-F41702BF6BD0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F17FCF5C-2AE4-4D7E-A305-F41702BF6BD0}\3747166666 : DHCPNameServer = 10.1.10.3 10.31.0.3
TCP: Interfaces\{F17FCF5C-2AE4-4D7E-A305-F41702BF6BD0}\4456661657C647 : DHCPNameServer = 194.168.4.100 192.168.0.1
TCP: Interfaces\{F17FCF5C-2AE4-4D7E-A305-F41702BF6BD0}\7657563747 : DHCPNameServer = 10.1.10.3 212.23.3.100 194.72.6.57
TCP: Interfaces\{F17FCF5C-2AE4-4D7E-A305-F41702BF6BD0}\94E6475627E6564702F4E6C69702D2023547166666 : DHCPNameServer = 10.1.10.3 212.23.3.100 194.72.6.57
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-5 22600]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-24 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-24 207904]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-4-15 316312]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-27 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-27 421704]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-12-16 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-2-10 282712]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-2-10 397848]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-27 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-9 50344]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-9-17 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-14 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-5-25 255744]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-7-14 243232]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-12 80184]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-14 135560]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-14 139264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-28 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-27 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-25 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-14 246304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-25 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-04 12:56:55 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64DFFDC7-6AF2-4FFB-A125-702528F7E4A0}\mpengine.dll
2014-03-03 19:51:32 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-03 19:51:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-03 19:50:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-02 08:07:54 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-02 07:34:23 -------- d-----w- C:\Windows\ERUNT
2014-03-01 12:42:49 -------- d-----w- C:\AdwCleaner
2014-02-27 14:17:49 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-27 14:17:49 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-26 15:59:15 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-26 15:58:59 942592 ----a-w- C:\Windows\System32\jsIntl.dll
2014-02-26 14:40:06 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 14:40:06 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 07:38:02 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-02-25 07:36:55 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-02-25 07:36:53 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-02-25 07:36:53 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-02-25 07:36:52 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-02-25 07:35:17 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-25 07:35:16 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-25 07:34:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-25 07:34:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-24 16:00:25 -------- d-----w- C:\ProgramData\Licenses
2014-02-24 16:00:18 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-02-24 16:00:18 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-02-24 16:00:18 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-02-18 15:57:52 -------- d-----w- C:\FRST
2014-02-18 13:52:00 -------- d-----w- C:\Windows\pss
2014-02-16 15:11:43 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-16 15:11:43 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-16 15:11:42 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-16 15:11:42 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-16 14:55:32 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-02-16 14:55:30 -------- d-----w- C:\Program Files (x86)\TweakNow RegCleaner 2012
2014-02-12 06:56:15 -------- d-----w- C:\Users\kelcie\AppData\Roaming\Malwarebytes
2014-02-12 06:55:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-12 06:55:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-12 06:55:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 14:29:56 -------- d-----w- C:\Users\kelcie\AppData\Roaming\WildTangent
2014-02-10 11:31:07 -------- d-----w- C:\Users\kelcie\AppData\Roaming\TuneUp Software
2014-02-10 11:30:50 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2014
2014-02-10 11:29:51 -------- d-----w- C:\ProgramData\TuneUp Software
2014-02-10 11:29:18 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-10 11:29:18 -------- d--h--w- C:\ProgramData\Common Files
2014-02-09 16:18:58 -------- d--h--w- C:\Windows\msdownld.tmp
2014-02-09 12:29:35 -------- d-----w- C:\Users\kelcie\AppData\Roaming\AVAST Software
2014-02-08 16:08:23 3167112 ----a-w- C:\Windows\System32\HTMLayout.dll
2014-02-06 17:13:11 -------- d-----w- C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner 2012
2014-02-06 17:12:54 -------- d-----w- C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner
2014-02-06 17:12:54 -------- d-----w- C:\Program Files (x86)\TweakNow RegCleaner
2014-02-05 10:55:19 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-02-05 10:55:19 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-02-05 10:55:18 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-05 10:55:18 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-05 10:55:18 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-02-05 10:55:18 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-05 10:55:18 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-05 10:55:15 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 10:55:11 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-02-26 15:58:59 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-22 15:30:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 15:30:54 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-10 11:35:40 316312 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-02-09 12:25:46 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-09 12:25:46 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-09 12:25:46 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-09 12:25:45 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-12 18:47:57 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-12 18:47:57 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-12 18:47:56 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-18 06:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 13:58:16.69 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2010 09:09:25
System Uptime: 04/03/2014 13:45:20 (0 hours ago)
.
Motherboard: Packard Bell | | SJV52_MV
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | uPGA-478 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 145.804 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP408: 11/02/2014 13:07:41 - Windows Modules Installer
RP409: 11/02/2014 13:08:25 - Windows Modules Installer
RP410: 11/02/2014 13:09:09 - Windows Modules Installer
RP411: 11/02/2014 13:09:54 - Windows Modules Installer
RP412: 11/02/2014 13:10:39 - Windows Modules Installer
RP413: 11/02/2014 13:11:23 - Windows Modules Installer
RP414: 11/02/2014 13:12:05 - Windows Modules Installer
RP415: 11/02/2014 13:12:48 - Windows Modules Installer
RP416: 11/02/2014 13:13:32 - Windows Modules Installer
RP417: 11/02/2014 13:14:17 - Windows Modules Installer
RP418: 16/02/2014 15:08:22 - Windows Update
RP419: 19/02/2014 17:10:41 - Windows Update
RP420: 22/02/2014 07:58:26 - Installed Rapport
RP421: 22/02/2014 16:12:45 - OTL Restore Point - 22/02/2014 16:12:45
RP422: 24/02/2014 18:49:19 - Windows Modules Installer
RP423: 25/02/2014 07:35:38 - Windows Update
RP424: 25/02/2014 08:23:48 - Windows Update
RP425: 26/02/2014 15:50:32 - Windows Update
RP426: 26/02/2014 15:56:22 - Windows Update
RP427: 27/02/2014 14:15:19 - Windows Update
RP428: 04/03/2014 12:55:19 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Advertising Center
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
avast! Free Antivirus
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Bar
blinkx beat
Bonzuna
Broadcom Gigabit NetLink Controller
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
DivX Setup
DivX Web Player
Driving Test Success - All Tests 2012 Edition
Driving Theory Test Express v3.1.0.0
eBay Worldwide
eMule
ESET Online Scanner v3
ETDWare PS/2-x64 7.0.6.5_WHQL
Facebook Video Calling 2.0.0.447
Farm Frenzy
FATE
Final Drive Nitro
Google Chrome
Google Update Helper
ImagXpress
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Online Backup
Packard Bell Games
Packard Bell InfoCentre
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Social Networks
Packard Bell Updater
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
QuickTime
Rapport
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SpywareBlaster 5.0
Trusteer Endpoint Protection
TuneUp Utilities 2014 (en-US)
TweakNow RegCleaner 2012
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Video Web Camera
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (Packard Bell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Xvid Video Codec
Zuma's Revenge
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
04/03/2014 13:31:31, Error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Edited by Oh My, 08 March 2014 - 01:45 PM.
Attach log posted



#2 Oh My!


Posted 08 March 2014 - 01:47 PM

Greetings woodville and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run these programs for me.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

#3 woodville

Posted 08 March 2014 - 05:11 PM

Thanks for your help Gary - everything seemed to go as expected apart from too many windows opening at times, Sylvia.

 

ComboFix 14-03-05.01 - kelcie 08/03/2014  20:59:04.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4026.2698 [GMT 0:00]
Running from: c:\users\kelcie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\programdata\c0ea2453c57b23400165d40be31e01d0_c
c:\users\kelcie\AppData\Local\Microsoft\Windows\Temporary Internet Files\albrechto_iels
c:\users\kelcie\Documents\~WRL0005.tmp
c:\users\kelcie\Documents\~WRL0006.tmp
c:\users\kelcie\Documents\~WRL0007.tmp
c:\users\kelcie\Documents\~WRL2962.tmp
c:\users\kelcie\Documents\~WRL3780.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-08 to 2014-03-08  )))))))))))))))))))))))))))))))
.
.
2014-03-08 21:16 . 2014-03-08 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-08 20:35 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92C62E49-FD65-4DDA-8FBA-9BAD6D671F61}\mpengine.dll
2014-03-03 19:51 . 2014-03-03 20:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-03 19:51 . 2014-03-03 19:51 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-03 19:50 . 2014-03-03 19:50 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-02 08:07 . 2014-03-02 08:07 -------- d-----w- c:\program files (x86)\ESET
2014-03-02 07:34 . 2014-03-02 07:34 -------- d-----w- c:\windows\ERUNT
2014-03-01 12:42 . 2014-03-01 13:00 -------- d-----w- C:\AdwCleaner
2014-02-27 14:17 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-27 14:17 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-26 15:59 . 2014-02-26 15:59 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-26 15:58 . 2014-02-26 15:58 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-26 14:40 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 14:40 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 07:38 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-25 07:36 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-02-25 07:36 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-02-25 07:36 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-02-25 07:36 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-02-25 07:35 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-25 07:35 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-25 07:34 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-02-25 07:34 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-02-24 16:00 . 2014-02-24 16:00 -------- d-----w- c:\programdata\Licenses
2014-02-24 16:00 . 2014-02-25 16:28 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-02-24 16:00 . 2011-11-04 05:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-02-24 16:00 . 2009-03-24 12:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-02-18 15:57 . 2014-02-22 15:42 -------- d-----w- C:\FRST
2014-02-16 15:11 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-16 15:11 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-16 15:11 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-16 15:11 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-16 14:55 . 2014-02-16 14:55 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-16 14:55 . 2014-02-16 15:01 -------- d-----w- c:\program files (x86)\TweakNow RegCleaner 2012
2014-02-12 06:56 . 2014-02-12 06:56 -------- d-----w- c:\users\kelcie\AppData\Roaming\Malwarebytes
2014-02-12 06:55 . 2014-02-12 06:55 -------- d-----w- c:\programdata\Malwarebytes
2014-02-12 06:55 . 2014-02-12 06:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-12 06:55 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-11 14:29 . 2014-02-11 14:29 -------- d-----w- c:\users\kelcie\AppData\Roaming\WildTangent
2014-02-10 11:31 . 2014-02-10 11:31 -------- d-----w- c:\users\kelcie\AppData\Roaming\TuneUp Software
2014-02-10 11:30 . 2014-02-11 10:48 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-02-10 11:29 . 2014-02-11 10:48 -------- d-----w- c:\programdata\TuneUp Software
2014-02-10 11:29 . 2014-02-11 10:48 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-10 11:29 . 2014-02-10 11:29 -------- d--h--w- c:\programdata\Common Files
2014-02-09 16:18 . 2014-02-09 16:19 -------- d--h--w- c:\windows\msdownld.tmp
2014-02-09 12:29 . 2014-02-09 12:29 -------- d-----w- c:\users\kelcie\AppData\Roaming\AVAST Software
2014-02-08 16:08 . 2014-01-12 18:41 3167112 ----a-w- c:\windows\system32\HTMLayout.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 15:30 . 2012-04-08 19:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 15:30 . 2011-08-07 12:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-19 17:24 . 2011-04-18 07:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-10 11:35 . 2011-04-15 18:29 316312 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2014-02-09 12:25 . 2014-01-12 18:48 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-09 12:25 . 2011-02-27 09:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-09 12:25 . 2011-02-27 09:24 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-09 12:25 . 2011-02-27 09:24 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-09 12:25 . 2011-02-27 09:24 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-09 12:25 . 2011-02-27 09:24 43152 ----a-w- c:\windows\avastSS.scr
2014-01-12 18:47 . 2013-03-24 14:44 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 18:47 . 2013-03-24 14:44 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-12 18:47 . 2012-03-11 05:40 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-19 13:11 . 2011-02-27 09:24 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-18 06:13 . 2010-12-25 09:22 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-05-25 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-09 3767096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 15:26 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:30]
.
2014-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001Core.job
- c:\users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 14:34]
.
2014-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001UA.job
- c:\users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 14:34]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 13:34]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-09 12:25 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2351789889-1854393074-3027101475-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2351789889-1854393074-3027101475-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2351789889-1854393074-3027101475-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-08  21:22:45
ComboFix-quarantined-files.txt  2014-03-08 21:22
.
Pre-Run: 156,624,322,560 bytes free
Post-Run: 156,545,912,832 bytes free
.
- - End Of File - - E35F1973F5E9D2898CEC84C8BE9306F4
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by kelcie (administrator) on KELCIE-PC on 08-03-2014 21:58:07
Running from C:\Users\kelcie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Users\kelcie\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-05-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.searchbrowsing.com
CHR DefaultSearchKeyword: r
CHR DefaultSearchProvider: Search Results
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX® Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\kelcie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WOT) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-24]
CHR Extension: (YouTube) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (McAfee Security Scan+) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google Search) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (avast! Online Security) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-05-25] (NewTech Infosystems, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
 
==================== Drivers (Whitelisted) ====================
 
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-12] ()
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-16] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-08 21:58 - 2014-03-08 21:58 - 00014616 _____ () C:\Users\kelcie\Desktop\FRST.txt
2014-03-08 21:47 - 2014-03-08 21:47 - 00000546 _____ () C:\Windows\PFRO.log
2014-03-08 21:44 - 2014-03-08 21:44 - 02156544 _____ (Farbar) C:\Users\kelcie\Desktop\FRST64 (1).exe
2014-03-08 21:22 - 2014-03-08 21:22 - 00022710 _____ () C:\ComboFix.txt
2014-03-08 20:56 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-08 20:56 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-08 20:56 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-08 20:56 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-08 20:56 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-08 20:56 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-08 20:56 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-08 20:56 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-08 20:55 - 2014-03-08 21:22 - 00000000 ____D () C:\Qoobox
2014-03-08 20:55 - 2014-03-08 21:18 - 00000000 ____D () C:\Windows\erdnt
2014-03-08 20:47 - 2014-03-08 20:48 - 05187267 ____R (Swearware) C:\Users\kelcie\Desktop\ComboFix.exe
2014-03-04 13:58 - 2014-03-04 13:58 - 00021040 _____ () C:\Users\kelcie\Desktop\dds.txt
2014-03-04 13:58 - 2014-03-04 13:58 - 00006184 _____ () C:\Users\kelcie\Desktop\attach.txt
2014-03-04 13:51 - 2014-03-04 13:51 - 00688992 ____R (Swearware) C:\Users\kelcie\Desktop\dds.com
2014-03-03 19:51 - 2014-03-03 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-03 19:51 - 2014-03-03 19:51 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-03 19:50 - 2014-03-03 20:09 - 00000000 ____D () C:\Users\kelcie\Desktop\mbar
2014-03-03 19:50 - 2014-03-03 19:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 19:45 - 2014-03-03 19:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kelcie\Desktop\mbar-1.07.0.1009.exe
2014-03-02 08:07 - 2014-03-02 08:07 - 00001296 _____ () C:\Users\kelcie\Desktop\esetsmartinstaller_enu - Shortcut.lnk
2014-03-02 08:07 - 2014-03-02 08:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-02 08:05 - 2014-03-02 08:05 - 02347384 _____ (ESET) C:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
2014-03-02 07:56 - 2014-03-02 07:56 - 00057623 _____ () C:\Users\kelcie\Desktop\JRT.txt
2014-03-02 07:34 - 2014-03-02 07:34 - 00000000 ____D () C:\Windows\ERUNT
2014-03-01 12:42 - 2014-03-01 13:00 - 00000000 ____D () C:\AdwCleaner
2014-03-01 12:12 - 2014-03-01 12:12 - 00028236 _____ () C:\Users\kelcie\Downloads\Result.txt
2014-03-01 12:05 - 2014-03-02 07:32 - 00001393 _____ () C:\Users\kelcie\Desktop\JRT - Shortcut.lnk
2014-03-01 12:04 - 2014-03-01 12:04 - 01037734 _____ (Thisisu) C:\Users\kelcie\Downloads\JRT.exe
2014-03-01 12:03 - 2014-03-01 12:42 - 00001466 _____ () C:\Users\kelcie\Desktop\AdwCleaner - Shortcut.lnk
2014-03-01 12:02 - 2014-03-01 12:03 - 01244192 _____ () C:\Users\kelcie\Downloads\AdwCleaner.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001466 _____ () C:\Users\kelcie\Desktop\tdsskiller - Shortcut.lnk
2014-03-01 12:00 - 2014-03-01 12:00 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\kelcie\Downloads\tdsskiller.exe
2014-03-01 11:53 - 2014-03-01 11:53 - 00001471 _____ () C:\Users\kelcie\Desktop\MiniToolBox - Shortcut.lnk
2014-03-01 11:52 - 2014-03-01 11:53 - 00982016 _____ (Farbar) C:\Users\kelcie\Downloads\MiniToolBox.exe
2014-02-27 14:17 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-27 14:17 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-27 14:16 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-27 14:16 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-27 14:16 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-27 14:16 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-27 14:16 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-27 14:16 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-27 14:16 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-27 14:16 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-27 14:16 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-27 14:16 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-27 14:16 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-27 14:16 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-27 14:16 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-27 14:16 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-27 14:16 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-27 14:16 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-27 14:16 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-27 14:16 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-27 14:16 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-27 14:16 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-27 14:16 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-27 14:16 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-27 14:16 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-27 14:16 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-27 14:16 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-27 14:16 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-27 14:16 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-27 14:16 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-27 14:16 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-27 14:16 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-27 14:16 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-27 14:16 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-27 14:16 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-27 14:16 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-27 14:16 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-27 14:16 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-27 14:16 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 14:16 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-27 14:16 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 16:21 - 2014-03-08 21:52 - 00251844 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 16:17 - 2014-03-08 21:47 - 00001098 _____ () C:\Windows\setupact.log
2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 15:59 - 2014-02-26 15:59 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-26 15:59 - 2014-02-26 15:59 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-26 15:59 - 2014-02-26 15:59 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-26 15:59 - 2014-02-26 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-26 15:58 - 2014-02-26 15:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-26 15:58 - 2014-02-26 15:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-26 15:58 - 2014-02-26 15:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-26 15:58 - 2014-02-26 15:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-26 15:57 - 2014-02-26 16:02 - 00007436 _____ () C:\Windows\IE11_main.log
2014-02-26 14:40 - 2014-01-09 02:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 14:40 - 2014-01-03 22:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 07:38 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-25 07:37 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-25 07:37 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-25 07:37 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-25 07:37 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-25 07:37 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-25 07:37 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-25 07:37 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-25 07:37 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-25 07:37 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-25 07:37 - 2013-10-02 00:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-25 07:37 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-25 07:37 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-25 07:37 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-25 07:37 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-25 07:37 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-25 07:37 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-25 07:37 - 2012-08-23 13:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-25 07:36 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-25 07:36 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-25 07:36 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-25 07:36 - 2012-08-23 09:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-25 07:35 - 2013-09-25 02:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-25 07:35 - 2013-09-25 01:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-25 07:34 - 2012-05-04 11:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-25 07:34 - 2012-05-04 09:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-24 16:00 - 2014-02-25 16:28 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-24 16:00 - 2014-02-24 16:00 - 00001055 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-02-24 16:00 - 2014-02-24 16:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-24 16:00 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-02-24 16:00 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-02-24 15:04 - 2014-02-24 15:04 - 04095448 _____ (BrightFort LLC ) C:\Users\kelcie\Downloads\spywareblastersetup50.exe
2014-02-24 14:46 - 2014-02-24 14:46 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-23 18:18 - 2014-02-23 18:18 - 00001056 _____ () C:\Users\kelcie\Desktop\checkup.txt
2014-02-23 18:09 - 2014-02-23 18:10 - 00987425 _____ () C:\Users\kelcie\Downloads\SecurityCheck.exe
2014-02-22 16:37 - 2014-02-22 16:37 - 00157510 _____ () C:\Users\kelcie\Downloads\OTL.Txt
2014-02-22 15:55 - 2014-02-22 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\kelcie\Downloads\OTL.exe
2014-02-22 11:29 - 2014-02-22 11:31 - 02154496 _____ (Farbar) C:\Users\kelcie\Downloads\FRST64.exe
2014-02-19 17:56 - 2014-02-22 11:30 - 00000000 ____D () C:\Users\kelcie\Downloads\FRST-OlderVersion
2014-02-18 16:01 - 2014-02-22 12:01 - 00041234 _____ () C:\Users\kelcie\Downloads\Addition.txt
2014-02-18 15:58 - 2014-02-22 12:12 - 00049130 _____ () C:\Users\kelcie\Downloads\FRST.txt
2014-02-18 15:57 - 2014-03-08 21:58 - 00000000 ____D () C:\FRST
2014-02-18 13:52 - 2014-02-18 13:52 - 00000000 ____D () C:\Windows\pss
2014-02-16 15:12 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-16 15:12 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 15:12 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 15:12 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 15:12 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-16 15:12 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-16 15:12 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 15:12 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 15:12 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 15:12 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 15:12 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 15:12 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 15:12 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 15:12 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 15:12 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-16 15:12 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-16 15:12 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-16 15:12 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-16 15:12 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-16 15:12 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-16 15:12 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-16 15:12 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-16 15:12 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-16 15:12 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-16 15:11 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-16 15:11 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 15:11 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-16 15:11 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 14:56 - 2014-02-16 14:56 - 00001943 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-16 14:55 - 2014-02-16 15:01 - 00000000 ____D () C:\Program Files (x86)\TweakNow RegCleaner 2012
2014-02-16 14:55 - 2014-02-16 14:55 - 00002019 _____ () C:\Users\Public\Desktop\TweakNow RegCleaner 2012.lnk
2014-02-16 14:55 - 2014-02-16 14:55 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-12 06:56 - 2014-02-12 06:56 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\Malwarebytes
2014-02-12 06:55 - 2014-02-12 06:55 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 06:55 - 2014-02-12 06:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 06:55 - 2014-02-12 06:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 06:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 14:29 - 2014-02-11 14:29 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\WildTangent
2014-02-10 11:31 - 2014-02-10 11:31 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TuneUp Software
2014-02-10 11:30 - 2014-02-11 10:48 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-02-10 11:29 - 2014-02-11 10:48 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-10 11:29 - 2014-02-11 10:48 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-10 11:06 - 2014-02-10 11:08 - 55352744 _____ (TuneUp Software) C:\Users\kelcie\Downloads\TuneUpUtilities2014_en-US.exe
2014-02-10 10:09 - 2014-02-10 10:09 - 07072616 _____ (TweakNow.com ) C:\Users\kelcie\Downloads\RegCleaner7201.exe
2014-02-10 09:43 - 2014-02-10 09:43 - 00401752 _____ (Softonic ) C:\Users\kelcie\Downloads\SoftonicDownloader_for_tweaknow-regcleaner.exe
2014-02-09 16:18 - 2014-02-09 16:19 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-09 12:48 - 2014-02-09 12:50 - 58080904 _____ (Microsoft Corporation) C:\Users\kelcie\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2014-02-09 12:29 - 2014-02-09 12:29 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\AVAST Software
2014-02-09 12:06 - 2014-02-09 12:10 - 90578216 _____ (AVAST Software) C:\Users\kelcie\Downloads\avast_free_antivirus_setup.exe
2014-02-08 20:28 - 2014-02-08 20:28 - 00001139 _____ () C:\Users\kelcie\Desktop\Pictures - Shortcut.lnk
2014-02-08 16:08 - 2014-01-12 18:41 - 03167112 _____ (AVAST Software) C:\Windows\system32\HTMLayout.dll
2014-02-08 15:45 - 2014-02-11 10:57 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-06 17:13 - 2014-02-16 14:55 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner 2012
2014-02-06 17:12 - 2014-02-08 15:18 - 00000000 ____D () C:\Program Files (x86)\TweakNow RegCleaner
2014-02-06 17:12 - 2014-02-06 17:12 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner
 
==================== One Month Modified Files and Folders =======
 
2014-03-08 21:58 - 2014-03-08 21:58 - 00014616 _____ () C:\Users\kelcie\Desktop\FRST.txt
2014-03-08 21:58 - 2014-02-18 15:57 - 00000000 ____D () C:\FRST
2014-03-08 21:57 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 21:57 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 21:53 - 2010-12-25 09:38 - 00000000 ____D () C:\Users\kelcie\Tracing
2014-03-08 21:52 - 2014-02-26 16:21 - 00251844 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 21:50 - 2013-06-25 16:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-08 21:48 - 2010-12-25 13:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 21:48 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 21:47 - 2014-03-08 21:47 - 00000546 _____ () C:\Windows\PFRO.log
2014-03-08 21:47 - 2014-02-26 16:17 - 00001098 _____ () C:\Windows\setupact.log
2014-03-08 21:44 - 2014-03-08 21:44 - 02156544 _____ (Farbar) C:\Users\kelcie\Desktop\FRST64 (1).exe
2014-03-08 21:40 - 2011-09-19 20:36 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001UA.job
2014-03-08 21:30 - 2012-04-08 19:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 21:27 - 2011-02-01 19:33 - 00002155 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 21:27 - 2010-12-25 13:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 21:22 - 2014-03-08 21:22 - 00022710 _____ () C:\ComboFix.txt
2014-03-08 21:22 - 2014-03-08 20:55 - 00000000 ____D () C:\Qoobox
2014-03-08 21:22 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-03-08 21:18 - 2014-03-08 20:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-08 21:16 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-08 20:48 - 2014-03-08 20:47 - 05187267 ____R (Swearware) C:\Users\kelcie\Desktop\ComboFix.exe
2014-03-04 16:39 - 2011-01-02 22:53 - 00000000 ____D () C:\Users\kelcie\AppData\Local\CrashDumps
2014-03-04 13:58 - 2014-03-04 13:58 - 00021040 _____ () C:\Users\kelcie\Desktop\dds.txt
2014-03-04 13:58 - 2014-03-04 13:58 - 00006184 _____ () C:\Users\kelcie\Desktop\attach.txt
2014-03-04 13:51 - 2014-03-04 13:51 - 00688992 ____R (Swearware) C:\Users\kelcie\Desktop\dds.com
2014-03-03 20:09 - 2014-03-03 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-03 20:09 - 2014-03-03 19:50 - 00000000 ____D () C:\Users\kelcie\Desktop\mbar
2014-03-03 19:51 - 2014-03-03 19:51 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-03 19:50 - 2014-03-03 19:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 19:45 - 2014-03-03 19:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kelcie\Desktop\mbar-1.07.0.1009.exe
2014-03-02 09:34 - 2011-01-26 14:23 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\SoftGrid Client
2014-03-02 08:07 - 2014-03-02 08:07 - 00001296 _____ () C:\Users\kelcie\Desktop\esetsmartinstaller_enu - Shortcut.lnk
2014-03-02 08:07 - 2014-03-02 08:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-02 08:05 - 2014-03-02 08:05 - 02347384 _____ (ESET) C:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
2014-03-02 07:56 - 2014-03-02 07:56 - 00057623 _____ () C:\Users\kelcie\Desktop\JRT.txt
2014-03-02 07:34 - 2014-03-02 07:34 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 07:32 - 2014-03-01 12:05 - 00001393 _____ () C:\Users\kelcie\Desktop\JRT - Shortcut.lnk
2014-03-01 15:40 - 2011-09-19 20:36 - 00000908 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001Core.job
2014-03-01 13:00 - 2014-03-01 12:42 - 00000000 ____D () C:\AdwCleaner
2014-03-01 12:42 - 2014-03-01 12:03 - 00001466 _____ () C:\Users\kelcie\Desktop\AdwCleaner - Shortcut.lnk
2014-03-01 12:12 - 2014-03-01 12:12 - 00028236 _____ () C:\Users\kelcie\Downloads\Result.txt
2014-03-01 12:04 - 2014-03-01 12:04 - 01037734 _____ (Thisisu) C:\Users\kelcie\Downloads\JRT.exe
2014-03-01 12:03 - 2014-03-01 12:02 - 01244192 _____ () C:\Users\kelcie\Downloads\AdwCleaner.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001466 _____ () C:\Users\kelcie\Desktop\tdsskiller - Shortcut.lnk
2014-03-01 12:00 - 2014-03-01 12:00 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\kelcie\Downloads\tdsskiller.exe
2014-03-01 11:53 - 2014-03-01 11:53 - 00001471 _____ () C:\Users\kelcie\Desktop\MiniToolBox - Shortcut.lnk
2014-03-01 11:53 - 2014-03-01 11:52 - 00982016 _____ (Farbar) C:\Users\kelcie\Downloads\MiniToolBox.exe
2014-02-26 16:17 - 2014-02-26 16:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 16:15 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-26 16:02 - 2014-02-26 15:57 - 00007436 _____ () C:\Windows\IE11_main.log
2014-02-26 15:59 - 2014-02-26 15:59 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-26 15:59 - 2014-02-26 15:59 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-26 15:59 - 2014-02-26 15:59 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-26 15:59 - 2014-02-26 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-26 15:59 - 2014-02-26 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-26 15:59 - 2014-02-26 15:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-26 15:59 - 2014-02-26 15:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-26 15:58 - 2014-02-26 15:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-26 15:58 - 2014-02-26 15:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-26 15:58 - 2014-02-26 15:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-26 15:58 - 2014-02-26 15:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-26 15:58 - 2014-02-26 15:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-26 15:45 - 2011-07-22 08:40 - 00000000 ____D () C:\Windows\Minidump
2014-02-25 16:28 - 2014-02-24 16:00 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-24 16:00 - 2014-02-24 16:00 - 00001055 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-02-24 16:00 - 2014-02-24 16:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-24 15:04 - 2014-02-24 15:04 - 04095448 _____ (BrightFort LLC ) C:\Users\kelcie\Downloads\spywareblastersetup50.exe
2014-02-24 14:47 - 2011-01-03 16:45 - 00000000 ____D () C:\Users\kelcie\AppData\Local\Adobe
2014-02-24 14:46 - 2014-02-24 14:46 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-24 14:46 - 2010-07-14 06:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-24 14:46 - 2010-07-14 06:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-23 18:18 - 2014-02-23 18:18 - 00001056 _____ () C:\Users\kelcie\Desktop\checkup.txt
2014-02-23 18:10 - 2014-02-23 18:09 - 00987425 _____ () C:\Users\kelcie\Downloads\SecurityCheck.exe
2014-02-22 16:37 - 2014-02-22 16:37 - 00157510 _____ () C:\Users\kelcie\Downloads\OTL.Txt
2014-02-22 15:55 - 2014-02-22 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\kelcie\Downloads\OTL.exe
2014-02-22 15:50 - 2011-04-16 14:44 - 00000000 ____D () C:\Users\kelcie\AppData\Local\Windows Live
2014-02-22 15:30 - 2012-04-08 19:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 15:30 - 2012-04-08 19:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 15:30 - 2011-08-07 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-22 12:12 - 2014-02-18 15:58 - 00049130 _____ () C:\Users\kelcie\Downloads\FRST.txt
2014-02-22 12:02 - 2012-04-24 21:45 - 00000000 ____D () C:\Users\kelcie\Documents\My Digital Editions
2014-02-22 12:01 - 2014-02-18 16:01 - 00041234 _____ () C:\Users\kelcie\Downloads\Addition.txt
2014-02-22 11:31 - 2014-02-22 11:29 - 02154496 _____ (Farbar) C:\Users\kelcie\Downloads\FRST64.exe
2014-02-22 11:30 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\kelcie\Downloads\FRST-OlderVersion
2014-02-19 17:27 - 2013-08-08 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 17:24 - 2011-04-18 07:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-19 17:19 - 2010-12-25 13:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 17:19 - 2010-12-25 13:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 13:52 - 2014-02-18 13:52 - 00000000 ____D () C:\Windows\pss
2014-02-16 15:01 - 2014-02-16 14:55 - 00000000 ____D () C:\Program Files (x86)\TweakNow RegCleaner 2012
2014-02-16 14:56 - 2014-02-16 14:56 - 00001943 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-16 14:55 - 2014-02-16 14:55 - 00002019 _____ () C:\Users\Public\Desktop\TweakNow RegCleaner 2012.lnk
2014-02-16 14:55 - 2014-02-16 14:55 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-16 14:55 - 2014-02-06 17:13 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner 2012
2014-02-12 06:56 - 2014-02-12 06:56 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\Malwarebytes
2014-02-12 06:55 - 2014-02-12 06:55 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 06:55 - 2014-02-12 06:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 06:55 - 2014-02-12 06:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 14:29 - 2014-02-11 14:29 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\WildTangent
2014-02-11 14:29 - 2011-05-08 16:33 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-11 10:57 - 2014-02-08 15:45 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-11 10:50 - 2010-12-25 09:09 - 00000000 ____D () C:\Users\kelcie
2014-02-11 10:48 - 2014-02-10 11:30 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-02-11 10:48 - 2014-02-10 11:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-11 10:48 - 2014-02-10 11:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-11 10:48 - 2013-03-09 21:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-11 10:48 - 2011-11-03 19:49 - 00000000 __HDC () C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
2014-02-11 10:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-02-11 10:47 - 2012-02-08 19:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-11 10:47 - 2011-05-14 08:26 - 00000000 ____D () C:\ProgramData\Apple
2014-02-10 11:35 - 2011-04-15 18:29 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-02-10 11:31 - 2014-02-10 11:31 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TuneUp Software
2014-02-10 11:08 - 2014-02-10 11:06 - 55352744 _____ (TuneUp Software) C:\Users\kelcie\Downloads\TuneUpUtilities2014_en-US.exe
2014-02-10 10:09 - 2014-02-10 10:09 - 07072616 _____ (TweakNow.com ) C:\Users\kelcie\Downloads\RegCleaner7201.exe
2014-02-10 09:43 - 2014-02-10 09:43 - 00401752 _____ (Softonic ) C:\Users\kelcie\Downloads\SoftonicDownloader_for_tweaknow-regcleaner.exe
2014-02-10 07:41 - 2010-07-14 06:23 - 00000000 ____D () C:\Program Files (x86)\Packard Bell
2014-02-09 16:20 - 2010-07-14 06:34 - 00000000 ____D () C:\Program Files\Google
2014-02-09 16:20 - 2010-07-14 06:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 16:19 - 2014-02-09 16:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-09 15:46 - 2010-12-25 09:27 - 00000000 ____D () C:\Users\kelcie\AppData\Local\Google
2014-02-09 15:46 - 2010-07-14 06:34 - 00000000 ____D () C:\ProgramData\Google
2014-02-09 12:50 - 2014-02-09 12:48 - 58080904 _____ (Microsoft Corporation) C:\Users\kelcie\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2014-02-09 12:29 - 2014-02-09 12:29 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\AVAST Software
2014-02-09 12:25 - 2014-01-12 18:48 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 12:25 - 2011-02-27 09:25 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-09 12:25 - 2011-02-27 09:24 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 12:25 - 2011-02-27 09:24 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 12:25 - 2011-02-27 09:24 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 12:25 - 2011-02-27 09:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 12:10 - 2014-02-09 12:06 - 90578216 _____ (AVAST Software) C:\Users\kelcie\Downloads\avast_free_antivirus_setup.exe
2014-02-08 21:20 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-08 21:20 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(9).TXT
2014-02-08 20:28 - 2014-02-08 20:28 - 00001139 _____ () C:\Users\kelcie\Desktop\Pictures - Shortcut.lnk
2014-02-08 18:11 - 2009-07-14 04:45 - 00271704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-08 16:53 - 2010-12-25 09:09 - 00059096 _____ () C:\Users\kelcie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-08 16:41 - 2010-12-25 09:28 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\Adobe
2014-02-08 15:19 - 2012-02-08 19:25 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-08 15:19 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-08 15:18 - 2014-02-06 17:12 - 00000000 ____D () C:\Program Files (x86)\TweakNow RegCleaner
2014-02-08 15:18 - 2009-07-14 07:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-06 17:12 - 2014-02-06 17:12 - 00000000 ____D () C:\Users\kelcie\AppData\Roaming\TweakNow RegCleaner
2014-02-06 12:16 - 2014-02-27 14:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-27 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-27 14:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-27 14:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-27 14:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-27 14:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-27 14:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-27 14:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-27 14:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-27 14:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-27 14:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-27 14:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-27 14:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-27 14:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-27 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-27 14:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-27 14:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-27 14:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-27 14:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-27 14:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-27 14:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-27 14:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-27 14:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-27 14:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-27 14:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-27 14:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-27 14:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-27 14:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-27 14:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-27 14:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-27 14:16 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-27 14:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-27 14:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-27 14:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-27 14:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-27 14:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-27 14:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-27 14:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-27 14:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-16 10:54
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by kelcie at 2014-03-08 21:59:15
Running from C:\Users\kelcie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bonzuna (HKLM-x32\...\{E7871729-C76F-49FE-9D37-EB4B7BF87206}) (Version: 1.0.0 - Search Core Systems)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
Driving Test Success - All Tests 2012 Edition (HKLM-x32\...\{EF570A1B-7593-4EDB-8AF0-8041F2A7A81B}_is1) (Version: 16.0 - Imagitech Ltd.)
Driving Theory Test Express v3.1.0.0 (HKLM-x32\...\Driving Theory Test Express v3.1.0.0_is1) (Version:  - Oasis Business Services Int. Ltd.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}) (Version: 1.0.0.500 - KSS)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{05d1b0cd-eb73-4b89-91f6-fdb67ad091df}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1721 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1721 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.48 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.48 - Trusteer)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TweakNow RegCleaner 2012 (HKLM-x32\...\TweakNow RegCleaner 2012_is1) (Version: 7.2.0.1 - TweakNow.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Video Web Camera (HKLM-x32\...\{7349A6DB-413F-4CF8-B095-87EC8055B5DF}) (Version: 2.0.5.4 - Liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3002 - Packard Bell)
WildTangent Games App (Packard Bell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell) (Version: 4.0.5.21 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
11-02-2014 13:12:05 Windows Modules Installer
11-02-2014 13:12:48 Windows Modules Installer
11-02-2014 13:13:32 Windows Modules Installer
11-02-2014 13:14:17 Windows Modules Installer
16-02-2014 15:08:22 Windows Update
19-02-2014 17:10:41 Windows Update
22-02-2014 07:58:26 Installed Rapport
22-02-2014 16:12:45 OTL Restore Point - 22/02/2014 16:12:45
24-02-2014 18:49:19 Windows Modules Installer
25-02-2014 07:35:38 Windows Update
25-02-2014 08:23:48 Windows Update
26-02-2014 15:50:32 Windows Update
26-02-2014 15:56:22 Windows Update
27-02-2014 14:15:19 Windows Update
04-03-2014 12:55:19 Windows Update
08-03-2014 20:33:57 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2014-03-08 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {018F541D-488F-4E13-8F2D-D03AA95E173E} - System32\Tasks\{70D00926-556F-41AC-A160-01F2977BE500} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {0BD14426-51DD-4DAA-B459-2C31C5ABC679} - System32\Tasks\{4E305417-8B68-46F3-8BB5-F692E0F513D2} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {0DA0451B-9565-48F4-9F29-308D9839BE6B} - System32\Tasks\{2B3282A1-F166-43F5-B7AE-C7FC011AFC90} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {12225F5C-A51E-4614-8871-014C6BD06D6A} - System32\Tasks\{2D0FA32F-D308-4C1F-A3AF-A8DE3C14BB49} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {1401811F-0CA6-4951-B5D9-F18EE50102AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
Task: {15046D27-D1E1-4558-8BEF-FA4CF4DCE4E6} - System32\Tasks\{B9634E50-D6AD-4C12-AD24-1B84D81CFC4F} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {153506A8-1346-48D1-B9C1-79E7A01394BF} - System32\Tasks\{CA126C53-5C14-4203-95D9-5C60F514F432} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {1A377C59-9C4C-42DB-BD8A-D28F6B130681} - System32\Tasks\{7D331AB2-3156-4EB8-ADFF-65DBEA51CCED} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {203FBD77-D99E-4A19-BFD0-DC8933EA4A74} - System32\Tasks\{1CEB3684-E7AA-4C1E-98EC-15279D5FD5A5} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {263B871F-BDF9-4EBE-9888-D176341B0C4E} - System32\Tasks\{7F8F42BE-0509-4EC7-A588-3DDA757EBD10} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {2C730E29-0C81-4874-932F-96C50A6110A3} - System32\Tasks\{3F67E6DD-44BB-423E-9355-22764AF6441E} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {305F6CA4-B64E-46CA-AB7E-429099B76371} - System32\Tasks\{C5A29050-7AD3-4A5B-94BF-5C008489E40B} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {41237E5F-B57C-4189-9EE6-F070FFB1A0B5} - System32\Tasks\{962F3EE5-EABF-4582-8B47-8EC569165E6F} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {423C51AE-47B3-4FAA-97CE-A70433E0A5FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-09] (AVAST Software)
Task: {443F19B6-D0C5-4E01-9B9B-B39CEB708419} - System32\Tasks\{2C41B2D7-D585-4028-9A29-458CDE094394} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {4922B0DF-120E-4392-9BC5-D5140F64E334} - System32\Tasks\{68C2262B-6A5A-48C0-B985-D13474880543} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {5893C5B6-8566-4A95-AA35-34C04B37D736} - System32\Tasks\{331AA0B9-CBCF-4E50-A2C3-98E4F088F65E} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {6221C13A-35C4-401F-A31B-0E1CDA54FAD7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001UA => C:\Users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7032B645-777B-411C-AE3F-B0DD4163B27C} - System32\Tasks\{A0DB1B9E-4197-42FC-B3E3-282226906C81} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {71464BB9-0E88-4525-AD1D-4F6A3F767232} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {719011A3-BB51-496D-9F6F-80E5BAF0AC90} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe <==== ATTENTION
Task: {74CE2B62-8487-4A01-856D-BF2865BACD45} - System32\Tasks\{11C85577-069C-4A45-9D84-73E8C46404D1} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {767824A7-4799-4D9A-B8F7-49D51FF803B6} - System32\Tasks\{8D13DB5B-15D7-49D8-8E75-40B854E2ABBA} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {79E5FCA6-D811-4749-B870-BFC78270C98D} - System32\Tasks\{4B447BD3-BB60-4615-A6C5-9476A19E9AE1} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {7BC11717-A443-4183-BACB-AB286F3727F2} - System32\Tasks\{D6F4347A-32CA-49BF-8AC4-281D591654CB} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {7E1BE3DB-5888-4E92-897A-81B30A0D21AA} - System32\Tasks\{10765747-99A0-4044-9CBF-ED5025193141} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {80370285-D2D4-4017-A046-8ACE07FDD9C1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001Core => C:\Users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {8BCF32A0-B822-4911-BFD2-60FE646DFBD9} - System32\Tasks\{F762BEEF-91DE-41E1-9AE7-3EE0DBAAE921} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {8E396EE8-EC36-4587-A1A5-FF5622528142} - System32\Tasks\{14042D2F-8D3F-48AD-90EA-C93E857BF3AB} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {914BC20A-E757-4535-8089-CA5B2E560840} - System32\Tasks\{C2328B0E-7C0C-467D-BFBE-4A053778345C} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {9466D8D6-AD95-4C9C-BD9A-D8EB0C08DE80} - System32\Tasks\{B556CB86-5184-4225-92EE-DF9BD6AE757A} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {9B1E51E7-9903-416E-8319-61BAECBB250C} - System32\Tasks\{08F73F5A-21D4-4BE3-A0BE-C2240DC7BDBA} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {AA3168B5-E9E0-40A3-B960-D4C0ADD3272A} - System32\Tasks\{91D2477A-4CD8-4291-A638-BDDDF17BBB19} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {AAC101C9-B77A-45D5-8E6C-EC922EC86922} - System32\Tasks\{96D31244-F7D6-4BEF-84B4-CB96FB881083} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {AC1DB637-BF51-45BB-8020-9F4B6F428658} - System32\Tasks\{4A4CC68D-6C5A-4932-9999-8BAD3B27B0AA} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {BA052C85-BCF5-4B9C-BE5A-0A98D28E02ED} - System32\Tasks\{84392FA2-AEB5-4E38-A612-F17AC6FA8AFC} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {BA9AEAA3-3EC0-4D39-896E-0AB9D0706B3B} - System32\Tasks\{F80256F5-6CCB-4BB1-A041-A6E24D141BC0} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {BBAB97E5-08C5-4212-A6E1-BE27C9B1B9CB} - System32\Tasks\{77A6A689-8B9B-4DC2-96FD-22F658053E9B} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {BC21ABD8-0265-4557-89B0-D158B93ED734} - System32\Tasks\{51D2CA94-F21A-4262-A9C2-B86EC44E2704} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {C5617C32-6359-4894-86FD-3798B414AC45} - System32\Tasks\{BFE6C273-C155-478B-A231-EEBCF8258CAC} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {C9E6D0D5-57F7-4C1D-917F-C8E51449AF13} - System32\Tasks\{B5215259-A853-476A-A56B-982CEEB57A8A} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {CD933F6F-571A-495D-9A0A-405D1615FAFF} - System32\Tasks\{54EE3F30-0496-4737-8382-A1F37F1EBFD5} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {D15628A1-7EBD-4701-B42C-8EDC2174B653} - System32\Tasks\{909BAE42-E701-4169-9F9B-86BEA82654AF} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {DEFF3896-3960-43E0-AACC-80F0A7B5EA44} - System32\Tasks\{3159E7F1-3B32-4753-88CD-17BA554108E8} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {E51510D5-8BAC-4833-9D3E-4B1E831BFC66} - System32\Tasks\{9EEF534B-22F0-417B-8470-41EEB4683C95} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {F478FCF2-71CC-4823-8CB9-9AA77BDD87C7} - System32\Tasks\{862D669B-8221-48A0-BAA9-F37AAE523368} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {F5D7761F-1E14-4FED-B479-8923F6E09E99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
Task: {F8A1EF35-7208-4E58-BAD5-64A71D1580E7} - System32\Tasks\{DD830119-B81A-4D68-B626-767B0E8BF8E4} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {F8BCEB55-BBEB-43C8-8DF8-BC133E611247} - System32\Tasks\{F37716E4-AC13-464C-B5DC-FC3EA40DB57B} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-02-09] (AVAST Software)
Task: {FA9F369F-73BB-41AA-B205-9DF808AF6CD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001Core.job => C:\Users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2351789889-1854393074-3027101475-1001UA.job => C:\Users\kelcie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-21 18:56 - 2011-03-21 18:56 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2012-03-11 12:53 - 2014-02-08 18:50 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-03-08 20:30 - 2014-03-08 09:17 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030800\algo.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-05-25 00:16 - 2010-05-25 00:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-05-25 00:09 - 2010-05-25 00:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-03-21 18:57 - 2011-03-21 18:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-01-12 18:47 - 2014-01-12 18:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-22 16:20 - 2014-02-22 16:20 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-14 06:12 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk => C:\Windows\pss\Kaspersky Security Scan.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk => C:\Windows\pss\VideoWebCamera.exe.lnk.CommonStartup
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2014 09:59:34 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: BITS connection error Type: 150::InternetConnectionFailure.
 
Error: (03/08/2014 09:50:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/08/2014 09:50:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/08/2014 09:49:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/08/2014 09:49:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/08/2014 09:28:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/08/2014 09:28:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/08/2014 08:39:56 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: BITS connection error Type: 150::InternetConnectionFailure.
 
Error: (03/08/2014 08:29:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/08/2014 08:29:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/08/2014 09:16:44 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2014 09:15:15 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/08/2014 09:07:07 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/04/2014 01:31:31 PM) (Source: Service Control Manager) (User: )
Description: The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/08/2014 09:59:34 PM) (Source: CVHSVC)(User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.
 
Error: (03/08/2014 09:50:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/08/2014 09:50:14 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest
 
Error: (03/08/2014 09:49:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/08/2014 09:49:10 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest
 
Error: (03/08/2014 09:28:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest
 
Error: (03/08/2014 09:28:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/08/2014 08:39:56 PM) (Source: CVHSVC)(User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.
 
Error: (03/08/2014 08:29:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe.Manifest
 
Error: (03/08/2014 08:29:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kelcie\Downloads\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-08 21:15:15.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-08 21:15:14.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 4025.97 MB
Available physical RAM: 2557.89 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 6483.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:219.79 GB) (Free:145.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 79E88B8F)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,587 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:35 AM

Posted 08 March 2014 - 06:57 PM

Greetings Sylvia, it is my pleasure to work with you.

A couple things I need to caution you about and then we will continue with our steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have eMule installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again. There are also a couple of open ports assigned to eMule which allow access to your computer.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall eMule, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always back up the registry before doing so.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {719011A3-BB51-496D-9F6F-80E5BAF0AC90} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe <==== ATTENTION
C:\Program Files (x86)\ClickPotatoLite
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Computer Specifications Report Using Speccy by Piriform

--------------------
  • Download Speccy and save it to your desktop
  • Double click on the icon, click Next, then click install
  • Uncheck View Release notes then click Finish
  • Allow the screen to be populated with your computer information
  • Click File, then select Publish Snapshot...
  • Click Yes, then select Copy to Clipboard
  • Paste the link in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Speccy link
  • How is Chrome behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 woodville


Posted 09 March 2014 - 01:04 PM

Hello again - I have uninstalled eMule.  The Fixlog is ready to be pasted for you to see but I have not been able to complete the report from the Speccy tool.  I got as far as selecting Publish Snapshot and then I see this message "Error connecting to publishing server"  and I do not get the option to say Yes or Copy to Clipboard and no link to post for you.

 

I will post the Fixlog but won't go any further until you tell me what I should do - sorry about this.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by kelcie at 2014-03-09 17:11:16 Run:2
Running from C:\Users\kelcie\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {719011A3-BB51-496D-9F6F-80E5BAF0AC90} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe <==== ATTENTION
C:\Program Files (x86)\ClickPotatoLite
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719011A3-BB51-496D-9F6F-80E5BAF0AC90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719011A3-BB51-496D-9F6F-80E5BAF0AC90} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
"C:\Program Files (x86)\ClickPotatoLite" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
==== End of Fixlog ====
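
Added example, not part of the original posts and not FRST's own code: a small Python parser for the Fixlog posted above, which pairs each result line with a status and lists anything not reported as successful (here, the ClickPotatoLite folder that was already gone). The section layout is assumed from this one log only, and `parse_fixlog`, `classify` and `needs_follow_up` are hypothetical names.

```python
import re

# Fixlog body as posted in reply #5 of this thread (run header omitted).
FIXLOG = r'''Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {719011A3-BB51-496D-9F6F-80E5BAF0AC90} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe <==== ATTENTION
C:\Program Files (x86)\ClickPotatoLite
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719011A3-BB51-496D-9F6F-80E5BAF0AC90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719011A3-BB51-496D-9F6F-80E5BAF0AC90} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
"C:\Program Files (x86)\ClickPotatoLite" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====
'''

STARS_RE = re.compile(r'^\*{5,}$')                    # delimiter around the fixlist
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map an outcome phrase to a coarse status (assumed wording, from this log)."""
    low = outcome.lower()
    if "successfully" in low:
        return "done"
    if "not found" in low:
        return "not_found"
    return "check"          # unknown wording: a human should read it


def parse_fixlog(text):
    """Split a Fixlog into the requested entries and the per-item results."""
    requested, results = [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            state = "end"
            break
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "await_stars"
        elif state == "await_stars":
            if STARS_RE.match(line):
                state = "fixlist"
        elif state == "fixlist":
            # Fixlist entries may themselves contain " => ", so they are
            # collected by position, never by the result pattern.
            if STARS_RE.match(line):
                state = "results"
            else:
                requested.append(line)
        elif state == "results":
            m = RESULT_RE.match(line)
            if m:
                outcome = m.group("outcome")
                results.append((m.group("target").strip('"'), outcome, classify(outcome)))
            else:
                results.append((line, "", "check"))
    # "complete" is False when the end marker is missing (truncated paste).
    return {"requested": requested, "results": results, "complete": state == "end"}


def needs_follow_up(parsed):
    """Results that were not reported as successful."""
    return [r for r in parsed["results"] if r[2] != "done"]


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print(len(parsed["requested"]), "requested,", len(parsed["results"]), "results")
    for target, outcome, status in needs_follow_up(parsed):
        print(status, "|", target, "|", outcome)
```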


#6 Oh My!


Posted 09 March 2014 - 01:52 PM

Run Speccy again but this time select File, Save Snapshot..., Desktop on the left hand side then Save. Attach the file to your reply.


Gary
 

#7 woodville


Posted 10 March 2014 - 02:47 AM

Good morning Gary - I have attached the Speccy snapshot.  I carried out the Chrome test and everything seems to be working well - 100% better than it has been.

 

The reason I downloaded RegCleaner was because I was unable to uninstall programmes using add/remove  - which was so bad it removed programmes at will even if I didn't want them removed.

 

Thank you for your patience, Sylvia



#8 Oh My!


Posted 10 March 2014 - 08:49 AM

Hi Sylvia,

The Speccy report is not attached.

Understood regarding program removal. You can also use Revo Uninstaller Free, which I recommend.

You have a corrupted add-on in Chrome and that is what is causing your issue. We are going to run a couple of programs to try to resolve it but if they are not successful we can do it manually.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Security Check log
  • Attached Speccy report
  • How is your computer/Chrome behaving now?

Gary
 

#9 woodville


Posted 10 March 2014 - 12:53 PM

Hello again Gary - I think I am in trouble (and this is my Grand-daughter's laptop).  I think I followed your instructions correctly with AdwCleaner  but I am now unable to open Chrome.  When I click on the icon it goes to the taskbar and I cannot get it to open -  I am now using internet explorer.

 

I will post the logfile and try to attach the Speccy report but I won't do anything else until I hear from you again.

 

 

# AdwCleaner v3.021 - Report created 10/03/2014 at 16:42:16
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kelcie - KELCIE-PC
# Running from : C:\Users\kelcie\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\kelcie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url

*************************

AdwCleaner[R0].txt - [7505 octets] - [01/03/2014 12:42:55]
AdwCleaner[R1].txt - [729 octets] - [10/03/2014 16:42:16]
AdwCleaner[S0].txt - [14699 octets] - [01/03/2014 13:00:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [849 octets] ##########

 

 

I tried to attach the Speccy Snapshot report and got a message saying I was not permitted to upload this kind of file.

 



#10 Oh My!


Posted 10 March 2014 - 03:15 PM

We are OK.

Did you reboot your computer and still have the same issue with Chrome?

Zip the Speccy report and you should be able to attach it.

Edited by Oh My, 10 March 2014 - 03:18 PM.

Gary
 

#11 woodville


Posted 11 March 2014 - 08:43 AM

Thank you again – this is the second attempt to post a reply as the first one disappeared before I had finished.

I have attached the zipped Speccy snapshot.  Are you aware that I was referred here from a different forum and was directed to that one from a SpywareInfo forum and so I have already used some of these tools on this laptop?

I had been asked to remove the battery and I haven’t replaced it yet.  This morning it took several attempts to start even though I could see the light on the adapter and I am wondering whether there is a problem with the cable.

Chrome is still going to the taskbar – even after restarting.

Several programmes started when I tried to open Chrome – it seems as though they open as soon as the cursor starts to move and then I struggle to get them all closed.

Do you still want me to carry on with the junkware removal tool  and Screen317 check?

Thank you again for your assistance, Sylvia

 

 

 

 

 

 




#12 Oh My!


Posted 11 March 2014 - 09:46 AM

Thank you for the information regarding the previous run of programs. I wanted to compare then and now but your symptoms are more significant and warrant additional malware scans. Please do these for me.

First, while the computer is unplugged and the battery removed, hold down the power button for at least 15 seconds. After that, complete the following.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • How is your computer running?

Gary
 

#13 woodville


Posted 12 March 2014 - 05:05 AM

Thank you again Gary.  This is the second attempt to reply - I got interrupted when I was replying and the reply slid to the bottom of the pane and I was unable to continue.  When I tried to open a new session Internet Explorer would not respond.  This time about 12 pages of internet explorer opened but none would respond - I eventually managed to close all but one of them.  Still unable to use Chrome - it seems to shoot along the taskbar and back again but won't open.

 

The laptop has started easily each time after I followed your instructions.

 

Rogue Killer can't be downloaded is the message I get - then Internet Explorer stopped working and restarted itself.  I have tried this several times - even chose the option to download and run but it wouldn't work.  Sorry about this, Sylvia.



#14 Oh My!


Posted 12 March 2014 - 08:45 AM

Hi Sylvia,

No need to apologize. These things take time to work through. Please do this.

===================================================

Launching Internet Explorer Without Add-ons from Run Box

--------------------
  • Click Start, then Run
  • Type in iexplore.exe -extoff and press Enter
  • Test Internet Explorer
===================================================

Things I would like to see in your next reply.
  • Does Internet Explorer work properly?

Gary
 

#15 woodville


Posted 12 March 2014 - 12:21 PM

Thank you Gary - that seems to have done the trick.  I looked at a couple of sites and everything was OK.





