
dllhost.exe *32 COM SURROGATE virus


  • This topic is locked
13 replies to this topic

#1 Fluffy


Posted 28 August 2014 - 02:42 PM

Multiple instances of dllhost are running in Task Manager and slowing my PC down to the point where it becomes unusable if I don't end the processes. Ran scans, not sure which one(s) you need or if you're going to want something different. Below, find Mbam, Rkill, sec.checkup, FFS, and Minitoolbox. Mbar is not able to complete a scan - locks up partway through the process.

 

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.1.7601 Service Pack 1

8/28/2014 3:24:36 PM
mbam-log-2014-08-28 (15-24-36).txt

Scan type: Quick Scan
Objects scanned: 127731
Time elapsed: 1 hour(s), 38 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2014 08:57:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\system64 => c:\users [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/28/2014 08:59:12 PM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)

 

 

 

 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java™ 6 Update 22 
 Java version out of Date!
 Adobe Reader XI 
 Mozilla Firefox 24.0 Firefox out of Date! 
 Google Chrome 20.0.1132.57 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

 

 

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Heather (administrator) on 28-08-2014 at 21:14:47
Running from "C:\Users\Heather\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Heather (administrator) on 28-08-2014 at 21:45:05
Running from "C:\Users\Heather\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 5 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1428 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Heather-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #4
   Physical Address. . . . . . . . . : A0-88-B4-0B-F5-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
   Physical Address. . . . . . . . . : A0-88-B4-0B-F5-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
   Physical Address. . . . . . . . . : A0-88-B4-0B-F5-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::697a:2671:b327:5a9%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, August 28, 2014 8:33:11 PM
   Lease Expires . . . . . . . . . . : Friday, August 29, 2014 8:33:10 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 228624564
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7A-04-03-B8-70-F4-91-3D-B7
   DNS Servers . . . . . . . . . . . : 207.70.128.209
                                       207.70.172.13
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : B8-70-F4-91-3D-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B57C62D5-36B5-443E-8218-56E4AEC78D0D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3469:f41:b35b:9a85(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3469:f41:b35b:9a85%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{60476B84-763D-48C6-B20C-C18BE83E9B8A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A1BBF42B-196D-45D1-84DB-8532DF33E938}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{62AEB534-5EF2-4A23-9735-490912A9A787}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  lufk-dns-vip.consolidated.net
Address:  207.70.128.209

Name:    google.com
Addresses:  2607:f8b0:4000:801::1006
   74.125.227.129
   74.125.227.131
   74.125.227.134
   74.125.227.135
   74.125.227.137
   74.125.227.133
   74.125.227.128
   74.125.227.142
   74.125.227.130
   74.125.227.132
   74.125.227.136

Pinging google.com [74.125.227.136] with 32 bytes of data:
Reply from 74.125.227.136: bytes=32 time=39ms TTL=54
Reply from 74.125.227.136: bytes=32 time=32ms TTL=54

Ping statistics for 74.125.227.136:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 39ms, Average = 35ms
Server:  lufk-dns-vip.consolidated.net
Address:  207.70.128.209

Name:    yahoo.com
Addresses:  98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=112ms TTL=46
Reply from 206.190.36.45: bytes=32 time=114ms TTL=46

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 112ms, Maximum = 114ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...a0 88 b4 0b f5 e1 ......Microsoft Virtual WiFi Miniport Adapter #4
 18...a0 88 b4 0b f5 e1 ......Microsoft Virtual WiFi Miniport Adapter #3
 17...a0 88 b4 0b f5 e0 ......Intel® Centrino® Advanced-N 6205
 11...b8 70 f4 91 3d b7 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    281
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:6ab8:3469:f41:b35b:9a85/128
                                    On-link
 17    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3469:f41:b35b:9a85/128
                                    On-link
 17    281 fe80::697a:2671:b327:5a9/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 17    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2014 08:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 07:37:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 05:03:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc00000fd
Fault offset: 0x00100c71
Faulting process id: 0x1d96c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 02:13:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x0015062f
Faulting process id: 0x17fd8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 02:04:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0x1cb88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 01:22:34 PM) (Source: Application on Demand - GTR) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:42:47 PM) (Source: Application on Demand - GTR) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:13:25 PM) (Source: Application on Demand - GTR) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 08:55:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: GTR.exe, version: 8.8.4.0, time stamp: 0x53c6e3c8
Faulting module name: Flash32_13_0_0_182.ocx, version: 13.0.0.182, time stamp: 0x533390a3
Exception code: 0xc0000005
Fault offset: 0x0020c6b3
Faulting process id: 0x165ac
Faulting application start time: 0xGTR.exe0
Faulting application path: GTR.exe1
Faulting module path: GTR.exe2
Report Id: GTR.exe3

Error: (08/27/2014 05:10:58 PM) (Source: Application on Demand - GTR) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

System errors:
=============
Error: (08/28/2014 08:36:45 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 08:34:19 PM) (Source: Service Control Manager) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (08/28/2014 08:33:57 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/28/2014 08:33:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/28/2014 07:39:15 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 07:37:42 PM) (Source: Service Control Manager) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (08/28/2014 05:44:06 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 01:18:40 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (08/27/2014 05:33:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/27/2014 05:31:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (08/28/2014 08:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 07:37:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 05:03:17 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000fd00100c711d96c01cfc30bb4b65b44C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1d294d87-2eff-11e4-952c-b870f4913db7

Error: (08/28/2014 02:13:46 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000050015062f17fd801cfc2f3622f27ffC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll6e4efd55-2ee7-11e4-952c-b870f4913db7

Error: (08/28/2014 02:04:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136cef1cb8801cfc2f22f43e562C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1127923f-2ee6-11e4-952c-b870f4913db7

Error: (08/28/2014 01:22:34 PM) (Source: Application on Demand - GTR)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:42:47 PM) (Source: Application on Demand - GTR)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:13:25 PM) (Source: Application on Demand - GTR)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 08:55:07 PM) (Source: Application Error)(User: )
Description: GTR.exe8.8.4.053c6e3c8Flash32_13_0_0_182.ocx13.0.0.182533390a3c00000050020c6b3165ac01cfc2613f731d11C:\Program Files (x86)\Free Ride Games\IGL\10950000\GTR.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_182.ocx55c1937d-2e56-11e4-952c-b870f4913db7

Error: (08/27/2014 05:10:58 PM) (Source: Application on Demand - GTR)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

 

=========================== Installed Programs ============================
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.0.2.0 - Your Company Name) Hidden
Alganon (HKLM-x32\...\Alganon2.7.0.2510) (Version: 2.7.0.2510 - Quest Online)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
ArtMoney SE v7.38 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.38 - System SoftLab)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
calibre (HKLM-x32\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Click-N-Ship® for Business (HKLM-x32\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.0.54.0 - United States Postal Service)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2531.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
Easy Card Creator (HKLM-x32\...\{E2A932B8-A1D0-4386-B77E-5E3C6D0398A5}) (Version: 5.20.46.10 - Easy Trinity)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.3 - emusic.com)
EQ5 (HKLM-x32\...\InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}) (Version: 1.00.0000 - Electric Quilt Company)
EQ5 (x32 Version: 1.00.0000 - Electric Quilt Company) Hidden
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FastStone Image Viewer 3.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.7 - FastStone Soft)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Gateway Incorporated)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8520 - CyberLink Corporation)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
ID Photo Maker 3.0 Build 213 (HKLM-x32\...\ID Photo Maker_is1) (Version:  - idphotomaker.com)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 6.2.6.20 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Gateway)
LG Verizon United Drivers (HKLM-x32\...\{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}) (Version: 2.5.0 - LG Electronics)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Media Player Utilities 4.41 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.41 -  )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Singing Monsters (HKLM-x32\...\BFG-My Singing Monsters) (Version:  - )
My Tribe 1.00 (HKLM-x32\...\My Tribe 1.00) (Version:  - )
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Photo Crop Editor 1.14 (HKLM-x32\...\{53D11164-C10F-4B66-9FB1-260C141C5F25}) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
QuiltAssistant (HKLM-x32\...\QuiltAssist) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tasty Planet: Back for Seconds (HKLM-x32\...\BFG-Tasty Planet - Back for Seconds) (Version:  - )
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Virtual Families 2: Our Dream House (HKLM-x32\...\BFG-Virtual Families 2 - Our Dream House) (Version:  - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version:  - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version:  - )
Virtual Villagers: The Secret City (HKLM-x32\...\BFG-Virtual Villagers - The Secret City) (Version:  - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version:  - )
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3947.86 MB
Available physical RAM: 1821.91 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5620.67 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.84 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:581.07 GB) (Free:434.07 GB) NTFS
2 Drive d: (CIV4DISC1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT

========================= Users: ========================================

User accounts for \\HEATHER-PC

Administrator            Guest                    Heather                 

========================= Restore Points ==================================

06-08-2014 13:48:26 avast! antivirus system restore point
12-08-2014 18:49:53 Windows Update
13-08-2014 08:00:29 Windows Update
20-08-2014 02:22:11 Windows Update
27-08-2014 16:59:32 Windows Update

**** End of log ****


I know the voices in my head

aren't real...

But sometimes their ideas are absolutely AWESOME!




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:36 AM

Posted 28 August 2014 - 02:51 PM

Hi there,

Please run an FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Fluffy

Fluffy
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Hangin' with the frumious Bandersnatches
  • Local time:09:36 PM

Posted 28 August 2014 - 03:10 PM

Thank you for your assistance.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Heather at 2014-08-29 11:28:23
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.0.2.0 - Your Company Name) Hidden
Alganon (HKLM-x32\...\Alganon2.7.0.2510) (Version: 2.7.0.2510 - Quest Online)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
ArtMoney SE v7.38 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.38 - System SoftLab)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
calibre (HKLM-x32\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Click-N-Ship® for Business (HKLM-x32\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.0.54.0 - United States Postal Service)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2531.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
Easy Card Creator (HKLM-x32\...\{E2A932B8-A1D0-4386-B77E-5E3C6D0398A5}) (Version: 5.20.46.10 - Easy Trinity)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.3 - emusic.com)
EQ5 (HKLM-x32\...\InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}) (Version: 1.00.0000 - Electric Quilt Company)
EQ5 (x32 Version: 1.00.0000 - Electric Quilt Company) Hidden
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FastStone Image Viewer 3.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.7 - FastStone Soft)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Gateway Incorporated)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8520 - CyberLink Corporation)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
ID Photo Maker 3.0 Build 213 (HKLM-x32\...\ID Photo Maker_is1) (Version:  - idphotomaker.com)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 6.2.6.20 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Gateway)
LG Verizon United Drivers (HKLM-x32\...\{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}) (Version: 2.5.0 - LG Electronics)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Media Player Utilities 4.41 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.41 -  ) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Singing Monsters (HKLM-x32\...\BFG-My Singing Monsters) (Version:  - )
My Tribe 1.00 (HKLM-x32\...\My Tribe 1.00) (Version:  - )
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Photo Crop Editor 1.14 (HKLM-x32\...\{53D11164-C10F-4B66-9FB1-260C141C5F25}) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
QuiltAssistant (HKLM-x32\...\QuiltAssist) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tasty Planet: Back for Seconds (HKLM-x32\...\BFG-Tasty Planet - Back for Seconds) (Version:  - )
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Virtual Families 2: Our Dream House (HKLM-x32\...\BFG-Virtual Families 2 - Our Dream House) (Version:  - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version:  - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version:  - )
Virtual Villagers: The Secret City (HKLM-x32\...\BFG-Virtual Villagers - The Secret City) (Version:  - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version:  - )
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)

==================== Restore Points  =========================

12-08-2014 18:49:53 Windows Update
13-08-2014 08:00:29 Windows Update
20-08-2014 02:22:11 Windows Update
27-08-2014 16:59:32 Windows Update
29-08-2014 03:49:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BC0E863-01EB-4998-A48C-A112AE2A4F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {30D383E0-43FD-486C-9654-8F2D16256566} - System32\Tasks\Games\UpdateCheck_S-1-5-21-744858339-710463176-958911846-1001
Task: {6AEE06AD-327E-4DC9-99F4-9FB2380AB5C8} - System32\Tasks\{C0F9827B-13C6-4232-8ACB-227670DF25B5} => Iexplore.exe http://ui.skype.com/ui/0/6.11.59.102/en/abandoninstall?page=tsProgressBar
Task: {6C507EEC-4190-4FF0-BDBF-86E1D48AF2E3} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-08] (globalUpdate)
Task: {6C861667-859E-4E8E-AA1D-FE0B7BBF79BD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6D5C5374-B77B-4A30-9EFC-5647C93E8A57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7CF3F2FE-F676-46D5-9E3C-4E93DD4895BD} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1 => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== ATTENTION
Task: {7E1E4D46-BD55-439C-BCCC-442CCB45AA03} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.exe <==== ATTENTION
Task: {8219199C-E611-4AD2-A368-DB15D19D9D18} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-08] (globalUpdate)
Task: {927D13A0-CBD2-4F69-BBF5-A048799D35EC} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.exe <==== ATTENTION
Task: {97114CF1-F6DA-4B69-A9A1-24DC87968390} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.exe <==== ATTENTION
Task: {9A6B6CAF-F53C-45DE-9BB3-BFD804AB606C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9B3C5891-9AB0-4DA1-ADD7-694015BB38B5} - System32\Tasks\{10DA1114-3CD4-465D-96EE-F1F37ADB0BDC} => Iexplore.exe http://ui.skype.com/ui/0/6.11.59.102/en/abandoninstall?page=tsProgressBar
Task: {A1FEFBAA-7291-4594-8911-60FEDC765B60} - System32\Tasks\733709e2-a1d9-4229-a606-a769796c31af => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.exe <==== ATTENTION
Task: {A3272730-4D64-4BAD-900B-37883BA82473} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2011-04-07] (Acer)
Task: {CD57400C-9155-493C-9826-6D92469824A5} - System32\Tasks\{2889F589-B89F-4D4E-97B4-61E86485D815} => C:\Users\Heather\Desktop\rune_free.exe
Task: {D5916372-B3EA-4CA2-A490-B82B8B989056} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {F0EF6D66-89F3-446D-AFAE-FCB53BC3D6EE} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.exe <==== ATTENTION
Task: {F64398BC-4E96-4806-AB17-C7409E9CD52E} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\733709e2-a1d9-4229-a606-a769796c31af.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1.job => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user.job => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-21 03:54 - 2011-03-25 19:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-14 22:16 - 2010-03-30 10:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
2014-08-06 08:51 - 2014-08-06 08:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-28 13:30 - 2014-08-28 13:30 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082701\algo.dll
2014-08-29 11:25 - 2014-08-29 11:25 - 02804224 _____ () C:\Program Files\AVAST Software\Avast\defs\14082803\algo.dll
2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-08-28 17:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 17:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 17:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-28 17:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-28 17:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-06 08:51 - 2014-08-06 08:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-13 19:14 - 2014-08-13 19:14 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a30dc1ce2757376d1f0f13e904dec4d\IsdiInterop.ni.dll
2011-04-21 03:08 - 2010-09-13 20:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:19C541B5
AlternateDataStreams: C:\ProgramData\Temp:27F44544
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4
AlternateDataStreams: C:\ProgramData\Temp:3CA557DB
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:58E38390
AlternateDataStreams: C:\ProgramData\Temp:60C897F3
AlternateDataStreams: C:\ProgramData\Temp:61A065F2
AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639
AlternateDataStreams: C:\ProgramData\Temp:9D0A16E4
AlternateDataStreams: C:\ProgramData\Temp:B761039D
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2014 11:03:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1958

Start Time: 01cfc397e23583aa

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/29/2014 09:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 10:41:16 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/28/2014 08:34:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 07:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 05:03:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc00000fd
Fault offset: 0x00100c71
Faulting process id: 0x1d96c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 02:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x0015062f
Faulting process id: 0x17fd8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 02:04:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0x1cb88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 01:22:34 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:42:47 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

System errors:
=============
Error: (08/29/2014 09:42:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/29/2014 09:39:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (08/29/2014 09:39:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/29/2014 09:39:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/28/2014 08:36:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 08:34:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (08/28/2014 08:33:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/28/2014 08:33:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/28/2014 07:39:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 07:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/29/2014 11:03:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239195801cfc397e23583aa47C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/29/2014 09:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 10:41:16 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/28/2014 08:34:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 07:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 05:03:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000fd00100c711d96c01cfc30bb4b65b44C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1d294d87-2eff-11e4-952c-b870f4913db7

Error: (08/28/2014 02:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000050015062f17fd801cfc2f3622f27ffC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll6e4efd55-2ee7-11e4-952c-b870f4913db7

Error: (08/28/2014 02:04:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136cef1cb8801cfc2f22f43e562C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1127923f-2ee6-11e4-952c-b870f4913db7

Error: (08/28/2014 01:22:34 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (08/27/2014 09:42:47 PM) (Source: Application on Demand - GTR) (EventID: 0) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 50%
Total physical RAM: 3947.86 MB
Available physical RAM: 1950.79 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5735.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:581.07 GB) (Free:435.69 GB) NTFS
Drive d: (CIV4DISC1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1B601EB5)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15.6 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Heather (administrator) on HEATHER-PC on 29-08-2014 11:24:12
Running from C:\Users\Heather\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Torntv Downloader] => C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\MountPoints2: {4cff0920-6b0f-11e2-a722-b870f4913db7} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\MountPoints2: {4d7f0cb0-8754-11e1-8199-b870f4913db7} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\MountPoints2: {efc21758-8d8b-11e0-9d23-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-744858339-710463176-958911846-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 207.70.128.209 207.70.172.13

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll (Exent Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default\searchplugins\trovi-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-28]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-28]
CHR Extension: (avast! WebRep) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-07-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38160 2009-06-17] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 11:24 - 2014-08-29 11:25 - 00025434 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 11:23 - 2014-08-29 11:24 - 00000000 ____D () C:\FRST
2014-08-29 11:23 - 2014-08-29 11:23 - 02103296 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-28 21:30 - 2014-08-28 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 21:30 - 2014-08-28 22:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 21:28 - 2014-08-28 22:08 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:26 - 2014-08-28 21:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:20 - 2014-08-28 21:46 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:54 - 2014-08-28 20:59 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:53 - 2014-08-28 20:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2014-08-28 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 17:42 - 2014-08-28 17:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2009-06-17 11:27 - 00038160 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-08-28 13:41 - 2009-06-17 11:27 - 00022040 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 09:44 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:44 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:44 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 18:40 - 2014-08-26 18:41 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:39 - 2014-08-27 17:09 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:00 - 2014-08-21 16:01 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 03:03 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:03 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 18:01 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-12 14:02 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:02 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 14:02 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 14:01 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 14:01 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 14:01 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 14:01 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 14:01 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 14:01 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 14:01 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 14:01 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 14:01 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 14:01 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 14:01 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 14:01 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 14:01 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 14:01 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 14:01 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 14:01 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 14:01 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 14:01 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:01 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 14:01 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 14:01 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 14:01 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:01 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:01 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 14:00 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 14:00 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:00 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:00 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:00 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 14:00 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 14:00 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 14:00 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:00 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 14:00 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 14:00 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:00 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 14:00 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:00 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:00 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 13:56 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 13:56 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 13:56 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 13:56 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 02:17 - 2014-08-08 02:17 - 00000000 ____D () C:\ProgramData\374311380
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-08 00:24 - 2014-08-08 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-08 00:22 - 2014-08-29 09:40 - 00003460 _____ () C:\Windows\Tasks\733709e2-a1d9-4229-a606-a769796c31af.job
2014-08-08 00:22 - 2014-08-29 09:40 - 00002308 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.job
2014-08-08 00:22 - 2014-08-29 09:40 - 00001574 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1.job
2014-08-08 00:22 - 2014-08-29 09:40 - 00001474 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user.job
2014-08-08 00:22 - 2014-08-29 09:40 - 00001452 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.job
2014-08-08 00:22 - 2014-08-08 00:22 - 00006490 _____ () C:\Windows\System32\Tasks\733709e2-a1d9-4229-a606-a769796c31af
2014-08-08 00:22 - 2014-08-08 00:22 - 00005338 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4
2014-08-08 00:22 - 2014-08-08 00:22 - 00004604 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1
2014-08-08 00:22 - 2014-08-08 00:22 - 00004482 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5
2014-08-08 00:21 - 2014-08-29 09:40 - 00003806 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.job
2014-08-08 00:21 - 2014-08-29 09:40 - 00002436 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.job
2014-08-08 00:21 - 2014-08-29 09:40 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-08 00:21 - 2014-08-28 18:26 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-08 00:21 - 2014-08-08 00:22 - 00006836 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11
2014-08-08 00:21 - 2014-08-08 00:22 - 00000000 ____D () C:\Program Files (x86)\TheTorntv V10
2014-08-08 00:21 - 2014-08-08 00:21 - 00005466 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3
2014-08-08 00:21 - 2014-08-08 00:21 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-08 00:21 - 2014-08-08 00:21 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Users\Heather\AppData\Local\globalUpdate
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-06 08:52 - 2014-08-06 08:51 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-04 13:23 - 2014-08-04 13:24 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-28 19:47 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Trymedia
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 16:30 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 16:30 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 16:30 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 16:30 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 16:29 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 16:29 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 16:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 11:25 - 2014-08-29 11:24 - 00025434 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 11:24 - 2014-08-29 11:23 - 00000000 ____D () C:\FRST
2014-08-29 11:23 - 2014-08-29 11:23 - 02103296 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-29 09:48 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 09:48 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-29 09:47 - 2011-06-02 21:57 - 01081947 _____ () C:\Windows\WindowsUpdate.log
2014-08-29 09:40 - 2014-08-08 00:22 - 00003460 _____ () C:\Windows\Tasks\733709e2-a1d9-4229-a606-a769796c31af.job
2014-08-29 09:40 - 2014-08-08 00:22 - 00002308 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.job
2014-08-29 09:40 - 2014-08-08 00:22 - 00001574 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1.job
2014-08-29 09:40 - 2014-08-08 00:22 - 00001474 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user.job
2014-08-29 09:40 - 2014-08-08 00:22 - 00001452 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.job
2014-08-29 09:40 - 2014-08-08 00:21 - 00003806 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.job
2014-08-29 09:40 - 2014-08-08 00:21 - 00002436 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.job
2014-08-29 09:40 - 2014-08-08 00:21 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-29 09:38 - 2011-07-05 12:49 - 00000000 ____D () C:\ProgramData\Kodak
2014-08-29 09:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 09:38 - 2009-07-13 23:51 - 00117783 _____ () C:\Windows\setupact.log
2014-08-29 09:38 - 2009-07-13 23:45 - 00366440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:40 - 2011-07-05 03:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2014-08-28 22:11 - 2014-08-28 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 22:10 - 2014-08-28 21:30 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 22:08 - 2014-08-28 21:28 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:46 - 2014-08-28 21:20 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:27 - 2014-08-28 21:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:59 - 2014-08-28 20:54 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:54 - 2014-08-28 20:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:41 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 20:32 - 2010-11-20 22:47 - 00620948 _____ () C:\Windows\PFRO.log
2014-08-28 20:15 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 20:10 - 2011-07-05 13:10 - 00000000 ____D () C:\Program Files (x86)\ViaVoice
2014-08-28 20:09 - 2011-07-05 13:34 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\mjusbsp
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\RB.rdat
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\License_Time.rdat
2014-08-28 19:47 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-28 19:14 - 2014-08-28 17:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 18:26 - 2014-08-08 00:21 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-28 17:58 - 2013-10-28 22:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-28 17:46 - 2014-08-28 17:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:03 - 2011-07-05 06:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\CrashDumps
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:35 - 2011-07-10 19:48 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\SoftGrid Client
2014-08-28 12:23 - 2012-07-12 03:41 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (3)
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 17:09 - 2014-08-26 18:39 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\PlayFirst
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-08-27 11:39 - 2012-08-10 06:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 20:31 - 2012-08-29 18:44 - 00000000 ____D () C:\ProgramData\Cateia Games
2014-08-26 18:41 - 2014-08-26 18:40 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:41 - 2011-12-15 21:46 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 18:41 - 2011-07-05 02:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-26 18:39 - 2012-02-22 02:44 - 00000000 ____D () C:\Users\Heather\Desktop\Universe
2014-08-26 18:34 - 2012-04-14 12:36 - 00000000 ____D () C:\Users\Heather\Desktop\griffin
2014-08-26 12:31 - 2011-04-21 03:19 - 00000000 ____D () C:\ProgramData\Temp
2014-08-25 14:30 - 2014-06-05 15:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\LegacyGames
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-22 21:07 - 2014-08-28 09:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 09:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 09:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:01 - 2014-08-21 16:00 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-21 16:00 - 2011-08-06 15:05 - 726289794 _____ () C:\Windows\MEMORY.DMP
2014-08-21 16:00 - 2011-08-06 15:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 03:29 - 2012-08-24 21:05 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\uTorrent
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 22:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 16:29 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 16:28 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 16:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:17 - 2013-08-04 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:10 - 2012-08-13 00:16 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:01 - 2014-05-07 02:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 18:02 - 2014-08-12 18:01 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-10 05:44 - 2011-07-04 22:33 - 00000000 ____D () C:\Users\Heather\Documents\LDW
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 02:17 - 2014-08-08 02:17 - 00000000 ____D () C:\ProgramData\374311380
2014-08-08 02:17 - 2014-08-08 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-08 00:22 - 2014-08-08 00:22 - 00006490 _____ () C:\Windows\System32\Tasks\733709e2-a1d9-4229-a606-a769796c31af
2014-08-08 00:22 - 2014-08-08 00:22 - 00005338 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4
2014-08-08 00:22 - 2014-08-08 00:22 - 00004604 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1
2014-08-08 00:22 - 2014-08-08 00:22 - 00004482 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5
2014-08-08 00:22 - 2014-08-08 00:21 - 00006836 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11
2014-08-08 00:22 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\TheTorntv V10
2014-08-08 00:21 - 2014-08-08 00:21 - 00005466 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3
2014-08-08 00:21 - 2014-08-08 00:21 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-08 00:21 - 2014-08-08 00:21 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Users\Heather\AppData\Local\globalUpdate
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-06 21:06 - 2014-08-12 13:56 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-12 13:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 08:52 - 2012-08-10 06:02 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-06 08:51 - 2014-08-06 08:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 08:51 - 2014-02-15 14:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-06 08:51 - 2012-08-10 06:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-05 09:20 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 13:24 - 2014-08-04 13:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-03 21:32 - 2013-09-12 20:55 - 00000000 ____D () C:\BigFishCache
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Trymedia
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 18:46 - 2014-07-21 21:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 18:41 - 2014-08-12 14:00 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-12 14:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

Files to move or delete:
====================
C:\Users\Heather\aomvstea23us.exe
C:\Users\Heather\jagex_cl_runescape_LIVE.dat
C:\Users\Heather\jagex_cl_runescape_LIVE1.dat
C:\Users\Heather\random.dat

Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\jqv2z1zn.dll
C:\Users\Heather\AppData\Local\Temp\jrdxmh6i.dll
C:\Users\Heather\AppData\Local\Temp\jubmhcec.dll
C:\Users\Heather\AppData\Local\Temp\jwnymuq9.dll
C:\Users\Heather\AppData\Local\Temp\jwosca7y.dll
C:\Users\Heather\AppData\Local\Temp\jwy-m6ao.dll
C:\Users\Heather\AppData\Local\Temp\jxaraf2a.dll
C:\Users\Heather\AppData\Local\Temp\jz2qln5k.dll
C:\Users\Heather\AppData\Local\Temp\kj3c_f30.dll
C:\Users\Heather\AppData\Local\Temp\kl3lgw2w.dll
C:\Users\Heather\AppData\Local\Temp\kojuzd3m.dll
C:\Users\Heather\AppData\Local\Temp\koujqwcx.dll
C:\Users\Heather\AppData\Local\Temp\ksnd65pi.dll
C:\Users\Heather\AppData\Local\Temp\ksow8dlv.dll
C:\Users\Heather\AppData\Local\Temp\kutkauov.dll
C:\Users\Heather\AppData\Local\Temp\kvpjgrdm.dll
C:\Users\Heather\AppData\Local\Temp\l-rgwasq.dll
C:\Users\Heather\AppData\Local\Temp\l33d7zip.dll
C:\Users\Heather\AppData\Local\Temp\l3pkji0v.dll
C:\Users\Heather\AppData\Local\Temp\l5rttvsf.dll
C:\Users\Heather\AppData\Local\Temp\l8zgkhp5.dll
C:\Users\Heather\AppData\Local\Temp\lcrh2-r3.dll
C:\Users\Heather\AppData\Local\Temp\letnywr0.dll
C:\Users\Heather\AppData\Local\Temp\leu3i9le.dll
C:\Users\Heather\AppData\Local\Temp\lj3v4ey_.dll
C:\Users\Heather\AppData\Local\Temp\lmtv_t_z.dll
C:\Users\Heather\AppData\Local\Temp\lp0tlctf.dll
C:\Users\Heather\AppData\Local\Temp\lrumzvtx.dll
C:\Users\Heather\AppData\Local\Temp\lu2nq5fv.dll
C:\Users\Heather\AppData\Local\Temp\lucccrys.dll
C:\Users\Heather\AppData\Local\Temp\lwahn46h.dll
C:\Users\Heather\AppData\Local\Temp\lwj6refl.dll
C:\Users\Heather\AppData\Local\Temp\lwkd0rok.dll
C:\Users\Heather\AppData\Local\Temp\lwrbcvrm.dll
C:\Users\Heather\AppData\Local\Temp\ly6_f3ft.dll
C:\Users\Heather\AppData\Local\Temp\l_hvkhoo.dll
C:\Users\Heather\AppData\Local\Temp\m3fyyopx.dll
C:\Users\Heather\AppData\Local\Temp\matnnsfy.dll
C:\Users\Heather\AppData\Local\Temp\mdosknfq.dll
C:\Users\Heather\AppData\Local\Temp\mfrvk47j.dll
C:\Users\Heather\AppData\Local\Temp\mhaswqfu.dll
C:\Users\Heather\AppData\Local\Temp\mhj06i1t.dll
C:\Users\Heather\AppData\Local\Temp\mi46tjfj.dll
C:\Users\Heather\AppData\Local\Temp\midweqsi.dll
C:\Users\Heather\AppData\Local\Temp\mkmaah_g.dll
C:\Users\Heather\AppData\Local\Temp\mn225dcs.dll
C:\Users\Heather\AppData\Local\Temp\mokoycgm.dll
C:\Users\Heather\AppData\Local\Temp\mtgwl6pp.dll
C:\Users\Heather\AppData\Local\Temp\mwxsgkym.dll
C:\Users\Heather\AppData\Local\Temp\m_3acbrk.dll
C:\Users\Heather\AppData\Local\Temp\n-t2fvmi.dll
C:\Users\Heather\AppData\Local\Temp\n0vaojnd.dll
C:\Users\Heather\AppData\Local\Temp\n34o8nzs.dll
C:\Users\Heather\AppData\Local\Temp\n7t4xy8c.dll
C:\Users\Heather\AppData\Local\Temp\n9tmciji.dll
C:\Users\Heather\AppData\Local\Temp\NGMDll.dll
C:\Users\Heather\AppData\Local\Temp\NGMResource.dll
C:\Users\Heather\AppData\Local\Temp\NGMSetup.exe
C:\Users\Heather\AppData\Local\Temp\nidigwhy.dll
C:\Users\Heather\AppData\Local\Temp\nijzyg2n.dll
C:\Users\Heather\AppData\Local\Temp\nivi1nzo.dll
C:\Users\Heather\AppData\Local\Temp\njbkqx5l.dll
C:\Users\Heather\AppData\Local\Temp\njdv5yby.dll
C:\Users\Heather\AppData\Local\Temp\noe9vpnj.dll
C:\Users\Heather\AppData\Local\Temp\noexpmic.dll
C:\Users\Heather\AppData\Local\Temp\nse4DA.exe
C:\Users\Heather\AppData\Local\Temp\nseA920.exe
C:\Users\Heather\AppData\Local\Temp\nsg86B4.exe
C:\Users\Heather\AppData\Local\Temp\nstB3DA.exe
C:\Users\Heather\AppData\Local\Temp\nsz1272.exe
C:\Users\Heather\AppData\Local\Temp\nuno6hcs.dll
C:\Users\Heather\AppData\Local\Temp\nzwrhzgu.dll
C:\Users\Heather\AppData\Local\Temp\n_u9e-gt.dll
C:\Users\Heather\AppData\Local\Temp\oadbmmtt.dll
C:\Users\Heather\AppData\Local\Temp\ob96udvy.dll
C:\Users\Heather\AppData\Local\Temp\obb_5pmw.dll
C:\Users\Heather\AppData\Local\Temp\obnqem18.dll
C:\Users\Heather\AppData\Local\Temp\ocgcu7ul.dll
C:\Users\Heather\AppData\Local\Temp\ocnn_rul.dll
C:\Users\Heather\AppData\Local\Temp\ocrvpscf.dll
C:\Users\Heather\AppData\Local\Temp\ofnewksu.dll
C:\Users\Heather\AppData\Local\Temp\ojieu6wj.dll
C:\Users\Heather\AppData\Local\Temp\olpb4dst.dll
C:\Users\Heather\AppData\Local\Temp\oomivqbw.dll
C:\Users\Heather\AppData\Local\Temp\opp6wxkd.dll
C:\Users\Heather\AppData\Local\Temp\otbmj5nn.dll
C:\Users\Heather\AppData\Local\Temp\oympjjck.dll
C:\Users\Heather\AppData\Local\Temp\ozcpfu62.dll
C:\Users\Heather\AppData\Local\Temp\p9qi9ihr.dll
C:\Users\Heather\AppData\Local\Temp\pbccywsc.dll
C:\Users\Heather\AppData\Local\Temp\pehfp73e.dll
C:\Users\Heather\AppData\Local\Temp\PhxA056.exe
C:\Users\Heather\AppData\Local\Temp\pjhuxtk0.dll
C:\Users\Heather\AppData\Local\Temp\ppzgz-ae.dll
C:\Users\Heather\AppData\Local\Temp\pr8qtivf.dll
C:\Users\Heather\AppData\Local\Temp\prqqbvxo.dll
C:\Users\Heather\AppData\Local\Temp\pus6woer.dll
C:\Users\Heather\AppData\Local\Temp\puzxu1s-.dll
C:\Users\Heather\AppData\Local\Temp\pwzjctnt.dll
C:\Users\Heather\AppData\Local\Temp\pymd4ux1.dll
C:\Users\Heather\AppData\Local\Temp\pymrf0qw.dll
C:\Users\Heather\AppData\Local\Temp\pyqgdtsu.dll
C:\Users\Heather\AppData\Local\Temp\q2jk9nsa.dll
C:\Users\Heather\AppData\Local\Temp\qa4zyroi.dll
C:\Users\Heather\AppData\Local\Temp\qagbibjy.dll
C:\Users\Heather\AppData\Local\Temp\qby4tdni.dll
C:\Users\Heather\AppData\Local\Temp\qch-dqtb.dll
C:\Users\Heather\AppData\Local\Temp\qe-ooiei.dll
C:\Users\Heather\AppData\Local\Temp\qi6kt5qe.dll
C:\Users\Heather\AppData\Local\Temp\qkmt1t2h.dll
C:\Users\Heather\AppData\Local\Temp\ql-y5zpr.dll
C:\Users\Heather\AppData\Local\Temp\qq5iwywc.dll
C:\Users\Heather\AppData\Local\Temp\qqv-ofmd.dll
C:\Users\Heather\AppData\Local\Temp\qsodtuvw.dll
C:\Users\Heather\AppData\Local\Temp\qtnl-cb2.dll
C:\Users\Heather\AppData\Local\Temp\quddod76.dll
C:\Users\Heather\AppData\Local\Temp\qurcd6ko.dll
C:\Users\Heather\AppData\Local\Temp\rabxvf4g.dll
C:\Users\Heather\AppData\Local\Temp\rb0ywyha.dll
C:\Users\Heather\AppData\Local\Temp\rbffi1gb.dll
C:\Users\Heather\AppData\Local\Temp\rd9tqtrx.dll
C:\Users\Heather\AppData\Local\Temp\rdrn4-tn.dll
C:\Users\Heather\AppData\Local\Temp\rf2aqo7r.dll
C:\Users\Heather\AppData\Local\Temp\rgaciuap.dll
C:\Users\Heather\AppData\Local\Temp\rhs9oqtp.dll
C:\Users\Heather\AppData\Local\Temp\rhu8aw_q.dll
C:\Users\Heather\AppData\Local\Temp\rjrnttkz.dll
C:\Users\Heather\AppData\Local\Temp\rliecgte.dll
C:\Users\Heather\AppData\Local\Temp\rp0expl6.dll
C:\Users\Heather\AppData\Local\Temp\rrclqtct.dll
C:\Users\Heather\AppData\Local\Temp\rsjrk4k_.dll
C:\Users\Heather\AppData\Local\Temp\rtqqypnu.dll
C:\Users\Heather\AppData\Local\Temp\rtywxsfp.dll
C:\Users\Heather\AppData\Local\Temp\s-mivcx6.dll
C:\Users\Heather\AppData\Local\Temp\s7o9dhy2.dll
C:\Users\Heather\AppData\Local\Temp\satwbcky.dll
C:\Users\Heather\AppData\Local\Temp\sbepvqqy.dll
C:\Users\Heather\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Heather\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Heather\AppData\Local\Temp\sfareca00002.dll
C:\Users\Heather\AppData\Local\Temp\sfextra.dll
C:\Users\Heather\AppData\Local\Temp\sgxswptn.dll
C:\Users\Heather\AppData\Local\Temp\sh8gtkat.dll
C:\Users\Heather\AppData\Local\Temp\shoptowin_12.exe
C:\Users\Heather\AppData\Local\Temp\shoptowin_12ff.exe
C:\Users\Heather\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Heather\AppData\Local\Temp\slluwwbz.dll
C:\Users\Heather\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Heather\AppData\Local\Temp\swxm3vnu.dll
C:\Users\Heather\AppData\Local\Temp\sxl9i72o.dll
C:\Users\Heather\AppData\Local\Temp\s_italas.dll
C:\Users\Heather\AppData\Local\Temp\t48xvjw4.dll
C:\Users\Heather\AppData\Local\Temp\t7mfcjxm.dll
C:\Users\Heather\AppData\Local\Temp\tceaanbe.dll
C:\Users\Heather\AppData\Local\Temp\td97ulmc.dll
C:\Users\Heather\AppData\Local\Temp\tecx1itm.dll
C:\Users\Heather\AppData\Local\Temp\teqcgzv8.dll
C:\Users\Heather\AppData\Local\Temp\tfjfm6nd.dll
C:\Users\Heather\AppData\Local\Temp\tfjhr8al.dll
C:\Users\Heather\AppData\Local\Temp\tgni5y-k.dll
C:\Users\Heather\AppData\Local\Temp\tlq-xdct.dll
C:\Users\Heather\AppData\Local\Temp\tmwpmcdx.dll
C:\Users\Heather\AppData\Local\Temp\tn146riz.dll
C:\Users\Heather\AppData\Local\Temp\tr0a6tnz.dll
C:\Users\Heather\AppData\Local\Temp\trqzcbzf.dll
C:\Users\Heather\AppData\Local\Temp\trrpyrfb.dll
C:\Users\Heather\AppData\Local\Temp\ts-meovc.dll
C:\Users\Heather\AppData\Local\Temp\ttjkdivh.dll
C:\Users\Heather\AppData\Local\Temp\twociign.dll
C:\Users\Heather\AppData\Local\Temp\tztsxqej.dll
C:\Users\Heather\AppData\Local\Temp\t_xe9sj2.dll
C:\Users\Heather\AppData\Local\Temp\u-hqrliz.dll
C:\Users\Heather\AppData\Local\Temp\u299_b-2.dll
C:\Users\Heather\AppData\Local\Temp\uakmvbmp.dll
C:\Users\Heather\AppData\Local\Temp\ucveuokn.dll
C:\Users\Heather\AppData\Local\Temp\ugrf-2qz.dll
C:\Users\Heather\AppData\Local\Temp\uh9hwhif.dll
C:\Users\Heather\AppData\Local\Temp\uhlyv9si.dll
C:\Users\Heather\AppData\Local\Temp\ujo2qsmt.dll
C:\Users\Heather\AppData\Local\Temp\umxbqtnw.dll
C:\Users\Heather\AppData\Local\Temp\unicows.dll
C:\Users\Heather\AppData\Local\Temp\Update.exe
C:\Users\Heather\AppData\Local\Temp\uvtshwxw.dll
C:\Users\Heather\AppData\Local\Temp\uwiwmskm.dll
C:\Users\Heather\AppData\Local\Temp\uyt2cqgr.dll
C:\Users\Heather\AppData\Local\Temp\uzeuxxvg.dll
C:\Users\Heather\AppData\Local\Temp\v0dagqex.dll
C:\Users\Heather\AppData\Local\Temp\vb2urayd.dll
C:\Users\Heather\AppData\Local\Temp\vc0wfhxo.dll
C:\Users\Heather\AppData\Local\Temp\vclr9ib8.dll
C:\Users\Heather\AppData\Local\Temp\vdrcf-3x.dll
C:\Users\Heather\AppData\Local\Temp\verau2zs.dll
C:\Users\Heather\AppData\Local\Temp\verifier.exe
C:\Users\Heather\AppData\Local\Temp\vfldz8tc.dll
C:\Users\Heather\AppData\Local\Temp\vfovea8o.dll
C:\Users\Heather\AppData\Local\Temp\vil34hfc.dll
C:\Users\Heather\AppData\Local\Temp\vn6wlvkf.dll
C:\Users\Heather\AppData\Local\Temp\vnvqdhu-.dll
C:\Users\Heather\AppData\Local\Temp\voa5ipjg.dll
C:\Users\Heather\AppData\Local\Temp\vqpp76kw.dll
C:\Users\Heather\AppData\Local\Temp\Welcome.exe
C:\Users\Heather\AppData\Local\Temp\wevamiaj.dll
C:\Users\Heather\AppData\Local\Temp\wfltnze8.dll
C:\Users\Heather\AppData\Local\Temp\wjcercjk.dll
C:\Users\Heather\AppData\Local\Temp\wkgbh9qs.dll
C:\Users\Heather\AppData\Local\Temp\wnb28sef.dll
C:\Users\Heather\AppData\Local\Temp\wqhuji8d.dll
C:\Users\Heather\AppData\Local\Temp\wtpbikpd.dll
C:\Users\Heather\AppData\Local\Temp\wx627zmj.dll
C:\Users\Heather\AppData\Local\Temp\x-3lshmd.dll
C:\Users\Heather\AppData\Local\Temp\x3hq04uy.dll
C:\Users\Heather\AppData\Local\Temp\x8thfxbe.dll
C:\Users\Heather\AppData\Local\Temp\xckmye-y.dll
C:\Users\Heather\AppData\Local\Temp\xexrvj55.dll
C:\Users\Heather\AppData\Local\Temp\xfkwcxq9.dll
C:\Users\Heather\AppData\Local\Temp\xg1siug3.dll
C:\Users\Heather\AppData\Local\Temp\xgn0-3xj.dll
C:\Users\Heather\AppData\Local\Temp\xhfj5pb1.dll
C:\Users\Heather\AppData\Local\Temp\xlpikdec.dll
C:\Users\Heather\AppData\Local\Temp\xo2fou4a.dll
C:\Users\Heather\AppData\Local\Temp\xrop0t3s.dll
C:\Users\Heather\AppData\Local\Temp\xw4cbkag.dll
C:\Users\Heather\AppData\Local\Temp\xxd_mpgz.dll
C:\Users\Heather\AppData\Local\Temp\xyrmutuw.dll
C:\Users\Heather\AppData\Local\Temp\xztb_zrg.dll
C:\Users\Heather\AppData\Local\Temp\y-llspv_.dll
C:\Users\Heather\AppData\Local\Temp\y6ydfd87.dll
C:\Users\Heather\AppData\Local\Temp\y7qdc3ti.dll
C:\Users\Heather\AppData\Local\Temp\y8ju7yqj.dll
C:\Users\Heather\AppData\Local\Temp\ybv0jhg_.dll
C:\Users\Heather\AppData\Local\Temp\ybvx8rnj.dll
C:\Users\Heather\AppData\Local\Temp\yct2zvew.dll
C:\Users\Heather\AppData\Local\Temp\yeznzho6.dll
C:\Users\Heather\AppData\Local\Temp\yl__xfr4.dll
C:\Users\Heather\AppData\Local\Temp\ymnqhpmh.dll
C:\Users\Heather\AppData\Local\Temp\ynrpxalk.dll
C:\Users\Heather\AppData\Local\Temp\ynstng_v.dll
C:\Users\Heather\AppData\Local\Temp\yo4qo1gq.dll
C:\Users\Heather\AppData\Local\Temp\ypa6qrun.dll
C:\Users\Heather\AppData\Local\Temp\yrec-lnq.dll
C:\Users\Heather\AppData\Local\Temp\ytufe9ad.dll
C:\Users\Heather\AppData\Local\Temp\yuiszbta.dll
C:\Users\Heather\AppData\Local\Temp\yxqqkg3z.dll
C:\Users\Heather\AppData\Local\Temp\yyn4swuy.dll
C:\Users\Heather\AppData\Local\Temp\z7tvp03u.dll
C:\Users\Heather\AppData\Local\Temp\z9uvggok.dll
C:\Users\Heather\AppData\Local\Temp\za5mxafa.dll
C:\Users\Heather\AppData\Local\Temp\zehcuojt.dll
C:\Users\Heather\AppData\Local\Temp\zhql1lsc.dll
C:\Users\Heather\AppData\Local\Temp\zj_91a9s.dll
C:\Users\Heather\AppData\Local\Temp\zokpcphd.dll
C:\Users\Heather\AppData\Local\Temp\zqyfam-f.dll
C:\Users\Heather\AppData\Local\Temp\zr6ezuux.dll
C:\Users\Heather\AppData\Local\Temp\zsccq0fd.dll
C:\Users\Heather\AppData\Local\Temp\zugo.exe
C:\Users\Heather\AppData\Local\Temp\zuvolkef.dll
C:\Users\Heather\AppData\Local\Temp\zyomvnqi.dll
C:\Users\Heather\AppData\Local\Temp\_a3dq31b.dll
C:\Users\Heather\AppData\Local\Temp\_bskhmei.dll
C:\Users\Heather\AppData\Local\Temp\_dlklpor.dll
C:\Users\Heather\AppData\Local\Temp\_gmq8ssm.dll
C:\Users\Heather\AppData\Local\Temp\_is27AE.exe
C:\Users\Heather\AppData\Local\Temp\_is3E9B.exe
C:\Users\Heather\AppData\Local\Temp\_is73D7.exe
C:\Users\Heather\AppData\Local\Temp\_qnfvvn9.dll
C:\Users\Heather\AppData\Local\Temp\_yz0ie2w.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-08-17 17:06

==================== End Of Log ============================




#4 aharonov

  • Malware Response Team

Posted 28 August 2014 - 03:32 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 Fluffy


Posted 28 August 2014 - 10:30 PM

Combofix is not finishing. However, it does appear that it took care of the problem since I'm not running multiple dllhosts anymore. Still, it doesn't give me any logs to give to you. It's completed through stage 50 and just sits there. I've tried to run it twice now, and waited well over an hour each time (it says usually about ten minutes).  Am I fine now?




#6 aharonov


Posted 29 August 2014 - 04:37 AM

Ok, we need a fresh FRST log to confirm that Combofix took care of the malware:


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 Fluffy


Posted 29 August 2014 - 10:30 AM

Here you go! (fingers crossed)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Heather (administrator) on HEATHER-PC on 29-08-2014 10:23:00
Running from C:\Users\Heather\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Exent Technologies Ltd.) C:\Program Files (x86)\Free Ride Games\GPlayer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Torntv Downloader] => C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-744858339-710463176-958911846-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 207.70.128.209 207.70.172.13

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll (Exent Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default\searchplugins\trovi-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-28]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-28]
CHR Extension: (avast! WebRep) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-07-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38160 2009-06-17] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
U3 X5Ex_Pr143; C:\Program Files (x86)\Free Ride Games\X5Ex_Pr143.Sys [611144 2012-10-28] (Exent Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 18:05 - 2014-08-29 18:31 - 00000000 ___SD () C:\ComboFix
2014-08-29 16:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 16:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 16:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 16:33 - 2014-08-29 16:51 - 00000000 ____D () C:\Qoobox
2014-08-29 16:32 - 2014-08-29 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 16:30 - 2014-08-29 16:30 - 05574834 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-08-29 13:47 - 2014-08-29 13:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{ED5218E4-477C-452F-91F6-6E443B826CE3}
2014-08-29 11:23 - 2014-08-29 11:23 - 02103296 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-29 11:23 - 2014-08-29 10:23 - 00000000 ____D () C:\FRST
2014-08-29 10:23 - 2014-08-29 10:24 - 00024723 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 10:22 - 2014-08-29 10:22 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (6)
2014-08-28 22:16 - 2014-08-28 22:17 - 00000000 ____D () C:\Users\Heather\AppData\Local\{55CBB1C8-756F-4C6F-85F8-0C570334E3A3}
2014-08-28 21:30 - 2014-08-28 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 21:30 - 2014-08-28 22:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 21:28 - 2014-08-28 22:08 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:26 - 2014-08-28 21:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:20 - 2014-08-28 21:46 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:54 - 2014-08-28 20:59 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:53 - 2014-08-28 20:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2014-08-29 16:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 17:42 - 2014-08-28 17:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2009-06-17 11:27 - 00038160 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-08-28 13:41 - 2009-06-17 11:27 - 00022040 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 09:44 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:44 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:44 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 18:40 - 2014-08-26 18:41 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:39 - 2014-08-27 17:09 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:00 - 2014-08-21 16:01 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 03:03 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:03 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 18:01 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-12 14:02 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:02 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 14:02 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 14:01 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 14:01 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 14:01 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 14:01 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 14:01 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 14:01 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 14:01 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 14:01 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 14:01 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 14:01 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 14:01 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 14:01 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 14:01 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 14:01 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 14:01 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 14:01 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 14:01 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 14:01 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:01 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 14:01 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 14:01 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 14:01 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:01 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:01 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 14:00 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 14:00 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:00 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:00 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:00 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 14:00 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 14:00 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 14:00 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:00 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 14:00 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 14:00 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:00 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 14:00 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:00 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:00 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 13:56 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 13:56 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 13:56 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 13:56 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 02:17 - 2014-08-29 16:29 - 00000000 ____D () C:\ProgramData\374311380
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-08 00:24 - 2014-08-08 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-08 00:22 - 2014-08-29 06:41 - 00003460 _____ () C:\Windows\Tasks\733709e2-a1d9-4229-a606-a769796c31af.job
2014-08-08 00:22 - 2014-08-29 06:41 - 00002308 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.job
2014-08-08 00:22 - 2014-08-29 06:41 - 00001574 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1.job
2014-08-08 00:22 - 2014-08-29 06:41 - 00001474 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user.job
2014-08-08 00:22 - 2014-08-29 06:41 - 00001452 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.job
2014-08-08 00:22 - 2014-08-08 00:22 - 00006490 _____ () C:\Windows\System32\Tasks\733709e2-a1d9-4229-a606-a769796c31af
2014-08-08 00:22 - 2014-08-08 00:22 - 00005338 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4
2014-08-08 00:22 - 2014-08-08 00:22 - 00004604 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1
2014-08-08 00:22 - 2014-08-08 00:22 - 00004482 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5
2014-08-08 00:21 - 2014-08-29 10:18 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-08 00:21 - 2014-08-29 06:41 - 00003806 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.job
2014-08-08 00:21 - 2014-08-29 06:41 - 00002436 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.job
2014-08-08 00:21 - 2014-08-29 03:42 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-08 00:21 - 2014-08-08 00:22 - 00006836 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11
2014-08-08 00:21 - 2014-08-08 00:22 - 00000000 ____D () C:\Program Files (x86)\TheTorntv V10
2014-08-08 00:21 - 2014-08-08 00:21 - 00005466 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3
2014-08-08 00:21 - 2014-08-08 00:21 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-08 00:21 - 2014-08-08 00:21 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Users\Heather\AppData\Local\globalUpdate
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-06 08:52 - 2014-08-06 08:51 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-04 13:23 - 2014-08-04 13:24 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-28 19:47 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Trymedia
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 16:30 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 16:30 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 16:30 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 16:30 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 16:29 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 16:29 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 16:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 18:31 - 2014-08-29 18:05 - 00000000 ___SD () C:\ComboFix
2014-08-29 17:19 - 2011-07-04 03:16 - 00000000 ____D () C:\Users\Heather
2014-08-29 16:51 - 2014-08-29 16:33 - 00000000 ____D () C:\Qoobox
2014-08-29 16:50 - 2014-08-28 17:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-29 16:32 - 2014-08-29 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 16:30 - 2014-08-29 16:30 - 05574834 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-08-29 16:29 - 2014-08-08 02:17 - 00000000 ____D () C:\ProgramData\374311380
2014-08-29 13:47 - 2014-08-29 13:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{ED5218E4-477C-452F-91F6-6E443B826CE3}
2014-08-29 11:23 - 2014-08-29 11:23 - 02103296 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-29 10:24 - 2014-08-29 10:23 - 00024723 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 10:23 - 2014-08-29 11:23 - 00000000 ____D () C:\FRST
2014-08-29 10:22 - 2014-08-29 10:22 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (6)
2014-08-29 10:18 - 2014-08-08 00:21 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-29 10:18 - 2011-06-02 21:57 - 01132007 _____ () C:\Windows\WindowsUpdate.log
2014-08-29 09:38 - 2009-07-13 23:45 - 00366440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 06:41 - 2014-08-08 00:22 - 00003460 _____ () C:\Windows\Tasks\733709e2-a1d9-4229-a606-a769796c31af.job
2014-08-29 06:41 - 2014-08-08 00:22 - 00002308 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4.job
2014-08-29 06:41 - 2014-08-08 00:22 - 00001574 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1.job
2014-08-29 06:41 - 2014-08-08 00:22 - 00001474 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user.job
2014-08-29 06:41 - 2014-08-08 00:22 - 00001452 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5.job
2014-08-29 06:41 - 2014-08-08 00:21 - 00003806 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.job
2014-08-29 06:41 - 2014-08-08 00:21 - 00002436 _____ () C:\Windows\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3.job
2014-08-29 04:09 - 2011-07-05 03:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2014-08-29 03:50 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 03:50 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-29 03:42 - 2014-08-08 00:21 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-29 03:42 - 2012-08-10 06:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-29 03:41 - 2011-07-05 12:49 - 00000000 ____D () C:\ProgramData\Kodak
2014-08-29 03:41 - 2010-11-20 22:47 - 00621936 _____ () C:\Windows\PFRO.log
2014-08-29 03:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 03:41 - 2009-07-13 23:51 - 00117951 _____ () C:\Windows\setupact.log
2014-08-28 22:17 - 2014-08-28 22:16 - 00000000 ____D () C:\Users\Heather\AppData\Local\{55CBB1C8-756F-4C6F-85F8-0C570334E3A3}
2014-08-28 22:11 - 2014-08-28 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 22:10 - 2014-08-28 21:30 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 22:08 - 2014-08-28 21:28 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:46 - 2014-08-28 21:20 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:27 - 2014-08-28 21:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:59 - 2014-08-28 20:54 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:54 - 2014-08-28 20:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:41 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 20:15 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 20:10 - 2011-07-05 13:10 - 00000000 ____D () C:\Program Files (x86)\ViaVoice
2014-08-28 20:09 - 2011-07-05 13:34 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\mjusbsp
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\RB.rdat
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\License_Time.rdat
2014-08-28 19:47 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-28 17:58 - 2013-10-28 22:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-28 17:46 - 2014-08-28 17:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:03 - 2011-07-05 06:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\CrashDumps
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:35 - 2011-07-10 19:48 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\SoftGrid Client
2014-08-28 12:23 - 2012-07-12 03:41 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (3)
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 17:09 - 2014-08-26 18:39 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\PlayFirst
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 20:31 - 2012-08-29 18:44 - 00000000 ____D () C:\ProgramData\Cateia Games
2014-08-26 18:41 - 2014-08-26 18:40 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:41 - 2011-12-15 21:46 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 18:41 - 2011-07-05 02:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-26 18:39 - 2012-02-22 02:44 - 00000000 ____D () C:\Users\Heather\Desktop\Universe
2014-08-26 18:34 - 2012-04-14 12:36 - 00000000 ____D () C:\Users\Heather\Desktop\griffin
2014-08-26 12:31 - 2011-04-21 03:19 - 00000000 ____D () C:\ProgramData\Temp
2014-08-25 14:30 - 2014-06-05 15:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\LegacyGames
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-22 21:07 - 2014-08-28 09:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 09:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 09:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:01 - 2014-08-21 16:00 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-21 16:00 - 2011-08-06 15:05 - 726289794 _____ () C:\Windows\MEMORY.DMP
2014-08-21 16:00 - 2011-08-06 15:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 03:29 - 2012-08-24 21:05 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\uTorrent
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 22:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 16:29 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 16:28 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 16:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:17 - 2013-08-04 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:10 - 2012-08-13 00:16 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:01 - 2014-05-07 02:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 18:02 - 2014-08-12 18:01 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-10 05:44 - 2011-07-04 22:33 - 00000000 ____D () C:\Users\Heather\Documents\LDW
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 02:17 - 2014-08-08 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-08 00:22 - 2014-08-08 00:22 - 00006490 _____ () C:\Windows\System32\Tasks\733709e2-a1d9-4229-a606-a769796c31af
2014-08-08 00:22 - 2014-08-08 00:22 - 00005338 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-4
2014-08-08 00:22 - 2014-08-08 00:22 - 00004604 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-1
2014-08-08 00:22 - 2014-08-08 00:22 - 00004482 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-5
2014-08-08 00:22 - 2014-08-08 00:21 - 00006836 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11
2014-08-08 00:22 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\TheTorntv V10
2014-08-08 00:21 - 2014-08-08 00:21 - 00005466 _____ () C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-3
2014-08-08 00:21 - 2014-08-08 00:21 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-08 00:21 - 2014-08-08 00:21 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Users\Heather\AppData\Local\globalUpdate
2014-08-08 00:21 - 2014-08-08 00:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-06 21:06 - 2014-08-12 13:56 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-12 13:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 08:52 - 2012-08-10 06:02 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-06 08:51 - 2014-08-06 08:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 08:51 - 2014-02-15 14:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-06 08:51 - 2012-08-10 06:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-05 09:20 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 13:24 - 2014-08-04 13:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-03 21:32 - 2013-09-12 20:55 - 00000000 ____D () C:\BigFishCache
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Trymedia
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 18:46 - 2014-07-21 21:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 18:41 - 2014-08-12 14:00 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-12 14:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

Files to move or delete:
====================
C:\Users\Heather\jagex_cl_runescape_LIVE.dat
C:\Users\Heather\jagex_cl_runescape_LIVE1.dat
C:\Users\Heather\random.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-08-17 17:06

==================== End Of Log ============================




#8 aharonov

aharonov

  • Malware Response Team

Posted 29 August 2014 - 02:53 PM

Yes it looks better already.


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 Fluffy

Fluffy
  • Topic Starter


Posted 29 August 2014 - 09:45 PM

# AdwCleaner v3.308 - Report created 29/08/2014 at 21:32:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\quickclick
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\TheTorntv V10
Folder Deleted : C:\Users\Heather\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Heather\AppData\Roaming\iWin
Folder Deleted : C:\Users\Heather\AppData\Roaming\Alawar
Folder Deleted : C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
File Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default\searchplugins\trovi-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : 733709e2-a1d9-4229-a606-a769796c31af
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-1
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-11
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-3
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-4
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-5
Task Deleted : faaa977f-cb01-43bf-b04b-8d85af1f92cd-5_user

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061855.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061855.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061855.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061855.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_runescape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_runescape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622182255}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655185555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666186655}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644184455}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622182255}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655185555}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666186655}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\TheTorntv V10
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10855 octets] - [29/08/2014 21:29:38]
AdwCleaner[S0].txt - [10751 octets] - [29/08/2014 21:32:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10812 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014 01
Ran by Heather (administrator) on HEATHER-PC on 29-08-2014 21:38:49
Running from C:\Users\Heather\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 207.70.128.209 207.70.172.13

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-28]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-28]
CHR Extension: (avast! WebRep) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-07-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38160 2009-06-17] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 21:38 - 2014-08-29 21:39 - 00023098 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 21:38 - 2014-08-29 21:38 - 00010913 _____ () C:\Users\Heather\Desktop\AdwCleaner[S0].txt
2014-08-29 21:38 - 2014-08-29 21:38 - 00000000 ____D () C:\Users\Heather\Desktop\FRST-OlderVersion
2014-08-29 21:33 - 2014-08-29 21:33 - 00000000 _____ () C:\Windows\SysWOW64\sho1D24.tmp
2014-08-29 21:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-29 21:29 - 2014-08-29 21:32 - 00000000 ____D () C:\AdwCleaner
2014-08-29 21:28 - 2014-08-29 21:28 - 01364531 _____ () C:\Users\Heather\Desktop\AdwCleaner.exe
2014-08-29 18:05 - 2014-08-29 18:31 - 00000000 ___SD () C:\ComboFix
2014-08-29 16:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 16:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 16:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 16:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 16:33 - 2014-08-29 16:51 - 00000000 ____D () C:\Qoobox
2014-08-29 16:32 - 2014-08-29 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 16:30 - 2014-08-29 16:30 - 05574834 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-08-29 13:47 - 2014-08-29 13:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{ED5218E4-477C-452F-91F6-6E443B826CE3}
2014-08-29 11:23 - 2014-08-29 21:38 - 02103808 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-29 11:23 - 2014-08-29 21:38 - 00000000 ____D () C:\FRST
2014-08-28 22:16 - 2014-08-28 22:17 - 00000000 ____D () C:\Users\Heather\AppData\Local\{55CBB1C8-756F-4C6F-85F8-0C570334E3A3}
2014-08-28 21:30 - 2014-08-28 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 21:30 - 2014-08-28 22:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 21:28 - 2014-08-28 22:08 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:26 - 2014-08-28 21:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:20 - 2014-08-28 21:46 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:54 - 2014-08-28 20:59 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:53 - 2014-08-28 20:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2014-08-29 16:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 17:42 - 2014-08-28 17:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2009-06-17 11:27 - 00038160 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-08-28 13:41 - 2009-06-17 11:27 - 00022040 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 09:44 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:44 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:44 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 18:40 - 2014-08-26 18:41 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:39 - 2014-08-27 17:09 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:00 - 2014-08-21 16:01 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 03:03 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:03 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 18:01 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-12 14:02 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:02 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 14:02 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 14:02 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 14:02 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 14:01 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 14:01 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 14:01 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 14:01 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 14:01 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 14:01 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 14:01 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 14:01 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 14:01 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 14:01 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 14:01 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 14:01 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 14:01 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 14:01 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 14:01 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 14:01 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 14:01 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 14:01 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:01 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 14:01 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 14:01 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 14:01 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:01 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:01 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:01 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 14:01 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 14:00 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 14:00 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:00 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:00 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:00 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:00 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 14:00 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 14:00 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 14:00 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 14:00 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:00 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 14:00 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:00 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 14:00 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 14:00 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:00 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 14:00 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:00 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 14:00 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:00 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 14:00 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 13:56 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 13:56 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 13:56 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 13:56 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-06 08:52 - 2014-08-06 08:51 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-04 13:23 - 2014-08-04 13:24 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-28 19:47 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 16:30 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 16:30 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 16:30 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 16:30 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 16:29 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 16:29 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 16:29 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 16:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 16:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 21:39 - 2014-08-29 21:38 - 00023098 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-08-29 21:38 - 2014-08-29 21:38 - 00010913 _____ () C:\Users\Heather\Desktop\AdwCleaner[S0].txt
2014-08-29 21:38 - 2014-08-29 21:38 - 00000000 ____D () C:\Users\Heather\Desktop\FRST-OlderVersion
2014-08-29 21:38 - 2014-08-29 11:23 - 02103808 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-08-29 21:38 - 2014-08-29 11:23 - 00000000 ____D () C:\FRST
2014-08-29 21:34 - 2011-07-05 12:49 - 00000000 ____D () C:\ProgramData\Kodak
2014-08-29 21:34 - 2010-11-20 22:47 - 00622250 _____ () C:\Windows\PFRO.log
2014-08-29 21:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 21:34 - 2009-07-13 23:51 - 00118007 _____ () C:\Windows\setupact.log
2014-08-29 21:33 - 2014-08-29 21:33 - 00000000 _____ () C:\Windows\SysWOW64\sho1D24.tmp
2014-08-29 21:33 - 2011-06-02 21:57 - 01139369 _____ () C:\Windows\WindowsUpdate.log
2014-08-29 21:32 - 2014-08-29 21:29 - 00000000 ____D () C:\AdwCleaner
2014-08-29 21:28 - 2014-08-29 21:28 - 01364531 _____ () C:\Users\Heather\Desktop\AdwCleaner.exe
2014-08-29 21:25 - 2012-08-10 06:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-29 18:31 - 2014-08-29 18:05 - 00000000 ___SD () C:\ComboFix
2014-08-29 17:19 - 2011-07-04 03:16 - 00000000 ____D () C:\Users\Heather
2014-08-29 16:51 - 2014-08-29 16:33 - 00000000 ____D () C:\Qoobox
2014-08-29 16:50 - 2014-08-28 17:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-29 16:32 - 2014-08-29 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 16:30 - 2014-08-29 16:30 - 05574834 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-08-29 13:47 - 2014-08-29 13:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{ED5218E4-477C-452F-91F6-6E443B826CE3}
2014-08-29 09:38 - 2009-07-13 23:45 - 00366440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 03:50 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 03:50 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 22:17 - 2014-08-28 22:16 - 00000000 ____D () C:\Users\Heather\AppData\Local\{55CBB1C8-756F-4C6F-85F8-0C570334E3A3}
2014-08-28 22:11 - 2014-08-28 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 22:10 - 2014-08-28 21:30 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 22:08 - 2014-08-28 21:28 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2014-08-28 21:46 - 2014-08-28 21:20 - 00041640 _____ () C:\Users\Heather\Desktop\Result.txt
2014-08-28 21:28 - 2014-08-28 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 21:27 - 2014-08-28 21:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Heather\Desktop\mbar-1.07.0.1012.exe
2014-08-28 21:19 - 2014-08-28 21:19 - 00401920 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2014-08-28 21:18 - 2014-08-28 21:18 - 00000968 _____ () C:\Users\Heather\Desktop\checkup.txt
2014-08-28 21:14 - 2014-08-28 21:14 - 00002362 _____ () C:\Users\Heather\Desktop\FSS.txt
2014-08-28 21:13 - 2014-08-28 21:13 - 00415232 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2014-08-28 21:01 - 2014-08-28 21:01 - 00854417 _____ () C:\Users\Heather\Desktop\SecurityCheck.exe
2014-08-28 20:59 - 2014-08-28 20:54 - 00002212 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-08-28 20:54 - 2014-08-28 20:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-08-28 20:41 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 20:15 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 20:10 - 2014-08-28 20:10 - 00003096 _____ () C:\dshell.txt
2014-08-28 20:10 - 2011-07-05 13:10 - 00000000 ____D () C:\Program Files (x86)\ViaVoice
2014-08-28 20:09 - 2011-07-05 13:34 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\mjusbsp
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\RB.rdat
2014-08-28 19:58 - 2013-06-14 23:20 - 00000048 _____ () C:\License_Time.rdat
2014-08-28 19:47 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-28 17:58 - 2013-10-28 22:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-28 17:46 - 2014-08-28 17:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-28 17:43 - 2014-08-28 17:43 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-28 17:43 - 2014-08-28 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-28 17:03 - 2011-07-05 06:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\CrashDumps
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 13:41 - 2014-08-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-28 13:35 - 2011-07-10 19:48 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\SoftGrid Client
2014-08-28 12:23 - 2012-07-12 03:41 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (3)
2014-08-28 09:32 - 2014-08-28 09:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{F49306C3-0B9A-42D9-A7F8-85EE3CED763D}
2014-08-27 17:10 - 2014-08-27 17:10 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Meridian93
2014-08-27 17:09 - 2014-08-26 18:39 - 00000000 ____D () C:\Users\Heather\Desktop\current free ride games
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\PlayFirst
2014-08-27 12:48 - 2011-07-06 09:52 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-08-27 03:04 - 2014-08-27 03:04 - 00000000 ____D () C:\ProgramData\GamePlastic
2014-08-26 20:31 - 2012-08-29 18:44 - 00000000 ____D () C:\ProgramData\Cateia Games
2014-08-26 18:41 - 2014-08-26 18:40 - 00000000 ____D () C:\Users\Heather\Desktop\Big Fish games
2014-08-26 18:41 - 2011-12-15 21:46 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 18:41 - 2011-07-05 02:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-26 18:39 - 2012-02-22 02:44 - 00000000 ____D () C:\Users\Heather\Desktop\Universe
2014-08-26 18:34 - 2012-04-14 12:36 - 00000000 ____D () C:\Users\Heather\Desktop\griffin
2014-08-26 12:31 - 2011-04-21 03:19 - 00000000 ____D () C:\ProgramData\Temp
2014-08-25 14:30 - 2014-06-05 15:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\LegacyGames
2014-08-23 20:35 - 2014-08-23 20:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{D3F9ED5A-95CE-4181-AB6B-52B9F7E8785E}
2014-08-22 21:07 - 2014-08-28 09:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 09:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 09:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:18 - 2014-08-21 19:18 - 00000000 ____D () C:\Users\Heather\AppData\Local\{475CA2BE-C852-45E9-B662-09F537A8F898}
2014-08-21 16:01 - 2014-08-21 16:00 - 00262144 _____ () C:\Windows\Minidump\082114-30404-01.dmp
2014-08-21 16:00 - 2011-08-06 15:05 - 726289794 _____ () C:\Windows\MEMORY.DMP
2014-08-21 16:00 - 2011-08-06 15:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 03:29 - 2012-08-24 21:05 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\uTorrent
2014-08-20 19:20 - 2014-08-20 19:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\{1E72094B-6478-435B-947D-53F87EED63EF}
2014-08-17 15:47 - 2014-08-17 15:47 - 00000000 ____D () C:\Users\Heather\AppData\Local\{6E98F70E-5C90-40B9-9693-18B67246778A}
2014-08-16 20:03 - 2014-08-16 20:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\{53A6CCF8-CF1D-4F96-824E-A7BD02E4A861}
2014-08-16 01:33 - 2014-08-16 01:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B084555C-D971-4CB4-91B3-E758FA35330F}
2014-08-15 13:32 - 2014-08-15 13:32 - 00000000 ____D () C:\Users\Heather\AppData\Local\{B6968932-687D-4F3A-8A9F-B7FA88BD510C}
2014-08-15 01:31 - 2014-08-15 01:31 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CA815840-F0FA-4E9B-AB0F-535D44F10A12}
2014-08-13 22:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 16:29 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 16:28 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 16:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:17 - 2013-08-04 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:10 - 2012-08-13 00:16 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:01 - 2014-05-07 02:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 18:02 - 2014-08-12 18:01 - 00000000 ____D () C:\Users\Heather\AppData\Local\{801837D7-0039-4F5D-9C0C-6A55AFD8878C}
2014-08-10 05:44 - 2011-07-04 22:33 - 00000000 ____D () C:\Users\Heather\Documents\LDW
2014-08-09 17:59 - 2014-08-09 17:59 - 00000000 ____D () C:\Users\Heather\AppData\Local\{7B4C40EC-E42E-4A61-9B26-212C3DB6751D}
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4A863419-41C7-48FD-BA1C-18FA3BD76CA2}
2014-08-08 00:35 - 2014-08-08 00:35 - 00000000 ____D () C:\Users\Heather\AppData\Local\{CF71C54D-6AF1-49BF-B60A-7D180803EB7D}
2014-08-06 21:06 - 2014-08-12 13:56 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-12 13:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 08:52 - 2012-08-10 06:02 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-06 08:51 - 2014-08-06 08:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-06 08:51 - 2014-08-06 08:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 08:51 - 2014-02-15 14:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-06 08:51 - 2013-07-15 21:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-06 08:51 - 2012-08-10 06:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-06 08:51 - 2012-08-10 06:02 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-05 09:20 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 13:24 - 2014-08-04 13:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\{872A68D1-71A0-469E-9DC1-0CEF14656D2B}
2014-08-03 21:32 - 2013-09-12 20:55 - 00000000 ____D () C:\BigFishCache
2014-08-02 17:56 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\{4C7B1FE7-1DF2-46FF-B91A-2E9733DDB75E}
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-01 04:15 - 2014-08-01 04:15 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-07-31 18:46 - 2014-07-21 21:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 18:41 - 2014-08-12 14:00 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-12 14:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 16:22 - 2014-07-30 16:22 - 00000000 ____D () C:\Users\Heather\AppData\Local\{07ADB35C-431C-4714-B73E-D28B96179D03}

Files to move or delete:
====================
C:\Users\Heather\jagex_cl_runescape_LIVE.dat
C:\Users\Heather\jagex_cl_runescape_LIVE1.dat
C:\Users\Heather\random.dat

Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-08-17 17:06

==================== End Of Log ============================


I know the voices in my head

aren't real...

But sometimes their ideas are absolutely AWESOME!


#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 30 August 2014 - 04:49 AM

How is your computer running now?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 Fluffy

Fluffy
  • Topic Starter

  • Members
  • 101 posts

Posted 30 August 2014 - 12:29 PM

Hi Aharonov,

 

Well, to be honest I'm not sure how the computer is doing. I'm starting to think there is another problem? Or maybe my pc just isn't very compatible with your software? Mbar locked up, Combofix locked up, and so far it appears FRST with fixit is locking up. It says non-responsive on and off, and has for awhile now. I'll let it run for another hour or so and see what happens. Or maybe try a restart after that.

 

But, on the bright side, done with dllhost issues, and my pc no longer has to be manually set to enable internet downloading every few minutes, so I'm pretty happy to have gotten this far.

 

Well, so much for letting it run for another hour. FRST shut itself down, so I'll reboot and try again.




#12 Fluffy

Fluffy
  • Topic Starter

  • Members
  • 101 posts

Posted 30 August 2014 - 12:33 PM

Just noticed that despite crashing, it did make a fixlog for you. So maybe it completed part or all of what you wanted? I don't know now if I should attempt to run it again, or move on to your next steps, so please advise.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-08-2014 01
Ran by Heather at 2014-08-30 12:05:39 Run:1
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-744858339-710463176-958911846-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
BHO: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611181155} ->  No File
DeleteJunctionsIndirectory: C:\Windows\system64
C:\Windows\system64
EmptyTemp:

*****************

"HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181155}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611181155}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181155}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181155}" => Key not found.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
C:\Windows\system64 => Moved successfully.




#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 30 August 2014 - 12:45 PM

FRST locked up at the last step, which is really not important and just cosmetic. So what had to be done has been done. Please continue with the next step (ESET Online Scanner).

#14 Fluffy

Fluffy
  • Topic Starter

  • Members
  • 101 posts

Posted 31 August 2014 - 01:55 PM

I followed the link but couldn't download ESET properly. At first it simply wouldn't let me, small pop up at bottom of screen said unable to download. I retried, and that worked. However, the icon on my desktop isn't a valid file. I have no admin privileges and it's asking me which file to use to open this. Is there another link I can try, or is my pc perhaps missing a needed program/file to run this?

