Let's look deeper


  • This topic is locked
27 replies to this topic

#1 cook2465

cook2465

  • Members
  • 182 posts
  • Gender:Female

Posted 26 September 2014 - 02:04 PM

Here are the first DDS text logs: DDS and Attach
 
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Cook at 14:59:25 on 2014-09-26
Microsoft Windows 7 Home Premium N   6.1.7601.1.1252.1.1033.18.8104.5302 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WinPatrol System Monitor] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
uRun: [Google Update] "C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [AVG Family Safety] C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [BringMeSports EPM Support] "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\144545733323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\259636860596E656D27657563747 : DHCPNameServer = 192.168.33.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\34F4F4B4D20534F5E4564777F627B6F523 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\E496365634865656471686 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\E496365634865656471686 : DHCPNameServer = 204.193.144.84 174.78.110.87 75.75.76.76
TCP: Interfaces\{409807DA-5620-48E3-838D-8A45CA0C9A49} : DHCPNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{79079C59-E140-432F-A99F-1D6EBC4BDB70} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-17 22664]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-10 224896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-9-10 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-10 427360]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-10 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-10 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-10 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-10 50344]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-31 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-10 1809720]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 125584]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-7-30 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-9-23 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-7-30 23552]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-7-28 7101288]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-20 4799760]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-12-6 619904]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-12-6 598808]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-12 104560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-10 122584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-3-12 2159728]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-9-10 29288]
S2 Bsecure;AVG Family Safety;C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe --> C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-10 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BSecACFltr;BSecACFltr;C:\Windows\System32\drivers\BSecACFltr.sys [2013-4-21 22832]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-12-6 14136]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-4-29 32152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-13 111616]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-10 63704]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-24 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-7 31800]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-3-17 694888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-18 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-12-6 89912]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-12-6 15160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-12 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-3-12 27760]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-09-26 18:01:37 -------- d-----w- C:\ProgramData\Reimage Protector
2014-09-26 18:01:26 -------- d-----w- C:\Program Files\Reimage
2014-09-26 17:03:27 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{697ACDDC-94A8-4182-89DD-CA081F4240A2}\gapaengine.dll
2014-09-26 17:03:16 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0636F773-6B6B-4D17-88E3-CE39CBF001BB}\mpengine.dll
2014-09-25 21:50:23 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-25 18:34:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 18:34:19 -------- d-----w- C:\Program Files\iTunes
2014-09-25 18:34:19 -------- d-----w- C:\Program Files\iPod
2014-09-25 18:31:59 -------- d-----w- C:\Program Files\Bonjour
2014-09-25 18:31:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-09-23 19:09:48 -------- d-----w- C:\Users\Cook\AppData\Roaming\RealNetworks
2014-09-23 17:17:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 17:17:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 17:05:47 -------- d-----w- C:\ProgramData\RealNetworks
2014-09-23 17:05:47 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-09-23 17:04:36 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-09-23 17:03:11 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-09-23 17:03:11 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-09-22 21:03:09 -------- d-----w- C:\Windows\System32\catroot2
2014-09-22 11:07:34 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2014-09-19 12:06:40 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-19 12:06:40 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-17 22:14:32 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-09-17 21:33:38 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-09-17 21:10:46 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-09-17 00:12:54 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-16 23:57:44 -------- d-----w- C:\Windows\ERUNT
2014-09-16 22:32:21 -------- d-----w- C:\AdwCleaner
2014-09-13 07:00:56 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-13 07:00:56 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 11:06:36 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 11:06:36 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 11:06:21 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 11:06:21 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 11:05:59 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 11:05:59 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 11:05:58 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 11:05:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-12 11:05:58 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-12 11:05:56 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-12 11:05:55 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-11 21:13:39 -------- d-----w- C:\Users\Cook\AppData\Roaming\Compete
2014-09-11 21:12:09 -------- d-----w- C:\Users\Cook\AppData\Roaming\Itibiti
2014-09-11 21:11:59 -------- d-----w- C:\Program Files (x86)\Itibiti Soft Phone
2014-09-11 21:09:30 -------- d-----w- C:\Users\Cook\AppData\Roaming\Soya Mail
2014-09-11 21:09:10 -------- d-----w- C:\ProgramData\regid.1995-09.com.example
2014-09-11 01:00:50 159032 ----a-w- C:\Windows\System32\ATL90.dll
2014-09-10 12:35:09 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-09-10 12:34:58 43152 ----a-w- C:\Windows\avastSS.scr
2014-09-10 12:32:15 -------- d-----w- C:\Users\Cook\AppData\Roaming\AVAST Software
2014-09-10 12:29:44 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-09-10 12:29:44 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-09-10 12:29:43 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-09-10 12:29:43 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-09-10 12:29:42 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-10 12:29:41 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-09-05 19:42:12 -------- d-----w- C:\Riot Games
2014-09-03 18:29:48 -------- d-----w- C:\Users\Cook\AppData\Local\Adobe
2014-08-28 15:42:40 -------- d-----w- C:\Users\Cook\AppData\Roaming\Wondershare
2014-08-28 15:42:32 -------- d-----w- C:\Program Files\Wondershare
2014-08-28 15:21:59 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 15:21:59 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 15:21:58 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-26 18:47:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-10 12:49:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 12:49:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-28 18:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 18:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 22:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 15:00:10.00 ===============

Edit: Moved topic from Am I Infected to the more appropriate forum.~ Animal



#2 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 27 September 2014 - 06:06 AM

:welcome:

Hello cook2465,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 cook2465

cook2465
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Female

Posted 29 September 2014 - 08:57 AM

Thank you for your patience in my delayed reply.  Below is the first scan log from Security Check:

 

 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 11.7.700.169 Flash Player out of Date! 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#4 cook2465

cook2465
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Female

Posted 29 September 2014 - 09:04 AM

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by Cook (administrator) on COOK-PC on 29-09-2014 10:00:45
Running from E:\
Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
Platform: Windows 7 Home Premium N Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Google Inc.) C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG Family Safety] => C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BringMeSports EPM Support] => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-10] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-09-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol System Monitor] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [Google Update] => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.hushmail.com/preview/hushmail/#folder/Inbox
https://www.facebook.com/
https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab
https://www.google.com/calendar/render
http://www.bleepingcomputer.com/forums/index.php?app=core&module=usercp&tab=core&area=notifications
SearchScopes: HKCU - {6DC72A3E-7128-4BBC-B29E-5FFB5B819C5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130519,0,0,25,7635
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-10] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-03] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [283032 2014-03-31] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7101288 2014-07-28] (Reimage®)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-10] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22664 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-10] ()
S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 cpuz134; \??\C:\Users\Cook\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\Internet Explorer\SABProcEnum.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 10:00 - 2014-09-29 10:00 - 00000000 ____D () C:\FRST
2014-09-26 21:00 - 2014-09-26 21:00 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-26 15:01 - 2014-09-26 15:01 - 00026513 _____ () C:\Users\Cook\Desktop\DDS 1.txt
2014-09-26 15:01 - 2014-09-26 15:01 - 00012808 _____ () C:\Users\Cook\Desktop\Attach 1.txt
2014-09-26 14:58 - 2014-09-26 14:58 - 00688992 ____R (Swearware) C:\Users\Cook\Desktop\dds.com
2014-09-26 14:24 - 2014-09-26 14:24 - 00002119 _____ () C:\Users\Cook\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-26 14:14 - 2014-09-26 14:14 - 09690792 _____ () C:\Users\Cook\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-09-26 14:01 - 2014-09-26 14:22 - 00000000 ____D () C:\Program Files\Reimage
2014-09-26 14:01 - 2014-09-26 14:01 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-09-26 14:01 - 2014-09-26 14:01 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 14:32 - 2014-09-25 14:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 15:29 - 2014-09-23 15:29 - 27864920 _____ (Riot Games) C:\Users\Anna\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-09-23 15:18 - 2014-09-23 15:30 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Riot Games
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\AVAST Software
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Local\Wondershare
2014-09-23 15:09 - 2014-09-26 21:00 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-23 15:09 - 2014-09-23 15:09 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\RealNetworks
2014-09-23 13:17 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 13:17 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-09-23 13:04 - 2014-09-23 13:04 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-09-22 16:13 - 2014-09-22 16:13 - 09700040 _____ () C:\Users\Cook\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-22 07:07 - 2014-09-22 07:07 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-09-21 22:17 - 2014-09-16 20:12 - 02347384 _____ (ESET) C:\Users\Cook\Desktop\esetsmartinstaller_enu.exe
2014-09-21 09:02 - 2014-09-21 09:02 - 00000000 ____D () C:\Users\Cook\Documents\Michael
2014-09-20 23:52 - 2014-09-20 23:52 - 00001224 _____ () C:\Users\Cook\Desktop\Revo Uninstaller.lnk
2014-09-20 11:30 - 2014-09-20 11:30 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Riot Games
2014-09-19 16:27 - 2014-09-19 16:27 - 00000729 _____ () C:\Users\Cook\Desktop\AdwCleaner - Shortcut.lnk
2014-09-19 09:44 - 2014-09-19 09:44 - 00000228 _____ () C:\Windows\SysWOW64\debug.log
2014-09-19 08:06 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-19 08:06 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-18 18:45 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-18 18:45 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-18 18:45 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-18 18:45 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-18 18:45 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-18 18:45 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-18 18:45 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-17 17:27 - 2014-09-26 14:02 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-17 17:10 - 2014-09-17 17:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-17 15:15 - 2014-09-17 15:15 - 00448512 _____ (OldTimer Tools) C:\Users\Cook\Desktop\TFC.exe
2014-09-16 20:12 - 2014-09-16 20:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-16 19:57 - 2014-09-16 19:57 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 18:32 - 2014-09-22 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-16 16:44 - 2014-09-16 16:44 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Cook\Downloads\rkill_com
2014-09-16 16:16 - 2014-09-16 16:16 - 00000000 _____ () C:\Users\Cook\Downloads\JRT_exe.dmyb462.partial
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\tdsskiller_zip.kns3xgr.partial
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\AdwCleaner_exe.3mkcm5w.partial
2014-09-16 09:42 - 2014-09-19 07:42 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-15 20:55 - 2014-09-15 20:55 - 00895120 _____ (Google Inc.) C:\Users\Cook\Downloads\googleappssyncsetup.exe
2014-09-15 08:23 - 2014-09-19 07:42 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-13 22:16 - 2014-09-13 22:16 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVAST Software
2014-09-13 03:12 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:12 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:12 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:12 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:12 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:12 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:12 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:12 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:12 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:12 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:12 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:12 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:12 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:12 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 08:22 - 2014-09-12 08:22 - 00003112 _____ () C:\Windows\System32\Tasks\{0A93DFAC-B0D1-4DB5-A5E5-85FE7C7F42EA}
2014-09-12 07:58 - 2014-09-12 07:59 - 19320096 _____ (SUPERAntiSpyware) C:\Users\Cook\Downloads\SUPERAntiSpyware.exe
2014-09-12 07:06 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 07:06 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 07:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 07:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 07:05 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 07:05 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 07:05 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 20:56 - 2014-09-11 20:56 - 04227520 _____ (http://www.maxuninstaller.com/ ) C:\Users\Cook\Downloads\MaxUninstaller_Setup.exe
2014-09-11 17:13 - 2014-09-11 17:13 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Compete
2014-09-11 17:12 - 2014-09-11 17:12 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Itibiti
2014-09-11 17:11 - 2014-09-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-09-11 17:09 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Soya Mail
2014-09-11 17:09 - 2014-09-11 17:09 - 00000000 ____D () C:\ProgramData\regid.1995-09.com.example
2014-09-11 14:27 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\Documents\The Final Scene
2014-09-10 21:00 - 2014-02-19 01:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2014-09-10 08:35 - 2014-09-10 08:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 08:34 - 2014-09-10 08:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 08:32 - 2014-09-10 08:32 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\AVAST Software
2014-09-10 08:30 - 2014-09-10 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 08:29 - 2014-09-18 16:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 08:29 - 2014-09-10 08:35 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-10 08:12 - 2014-09-10 08:16 - 00932720 _____ () C:\Users\Cook\Downloads\avast! Free Antivirus 2014 Setup.exe
2014-09-05 15:42 - 2014-09-20 23:59 - 00000000 ____D () C:\Riot Games
2014-09-04 15:28 - 2014-09-04 15:30 - 07242752 _____ () C:\Users\Cook\Downloads\FW_E2500_2.0.00.001_US_20140417.bin
2014-09-03 14:29 - 2014-09-10 08:49 - 00000000 ____D () C:\Users\Cook\AppData\Local\Adobe
2014-08-30 19:05 - 2014-08-30 19:05 - 00000000 ____D () C:\Users\Mike\AppData\Local\Wondershare

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 09:54 - 2009-07-14 01:12 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 09:44 - 2013-11-05 12:56 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job
2014-09-29 09:34 - 2012-11-30 20:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job
2014-09-29 09:33 - 2012-04-05 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-29 09:29 - 2013-01-14 22:43 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job
2014-09-29 09:20 - 2012-12-26 10:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 09:13 - 2014-07-10 10:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 09:13 - 2013-10-17 15:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job
2014-09-29 09:12 - 2012-03-12 08:49 - 01580309 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 09:09 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-29 09:09 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-29 09:08 - 2012-04-03 10:06 - 00000000 ____D () C:\Users\Cook\AppData\Local\CrashDumps
2014-09-29 08:59 - 2012-12-26 10:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 08:59 - 2012-03-12 17:53 - 00000000 ____D () C:\Users\Cook
2014-09-29 08:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-29 08:58 - 2009-07-14 00:56 - 00160102 _____ () C:\Windows\setupact.log
2014-09-26 19:44 - 2013-11-05 12:56 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job
2014-09-26 14:26 - 2012-03-17 13:00 - 03632146 _____ () C:\Windows\PFRO.log
2014-09-26 14:13 - 2013-10-17 15:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job
2014-09-26 13:29 - 2013-01-14 22:43 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job
2014-09-25 18:33 - 2014-02-25 12:04 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\MediaMonkey
2014-09-25 14:34 - 2012-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:31 - 2012-03-17 22:43 - 00000000 ____D () C:\ProgramData\Apple
2014-09-24 18:36 - 2012-05-14 11:39 - 00000000 ____D () C:\Users\Cook\Documents\Recipes
2014-09-24 16:05 - 2014-08-12 20:31 - 00000000 ____D () C:\Users\Cook\Documents\Grand Connection
2014-09-24 09:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 16:21 - 2012-06-01 07:14 - 00000000 ____D () C:\Users\Anna\AppData\Local\CrashDumps
2014-09-23 15:16 - 2012-10-07 21:15 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5055FE43-DE42-4BE4-85A3-253099ABBAFA}
2014-09-23 15:13 - 2013-09-01 20:48 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2013-09-01 20:47 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2012-05-31 21:50 - 00110328 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 15:13 - 2012-05-31 21:48 - 00000000 ____D () C:\Users\Anna
2014-09-23 13:08 - 2012-10-17 21:44 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Real
2014-09-23 13:06 - 2012-10-17 21:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-23 13:05 - 2012-12-26 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-23 13:04 - 2012-09-10 22:17 - 00000000 ____D () C:\ProgramData\Real
2014-09-22 17:03 - 2012-03-13 12:31 - 00110328 _____ () C:\Users\Cook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 17:02 - 2009-07-14 00:50 - 00418248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 16:57 - 2009-07-13 22:34 - 00000665 _____ () C:\Windows\win.ini
2014-09-22 16:53 - 2012-04-23 14:07 - 00786474 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-22 08:34 - 2012-11-30 20:34 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job
2014-09-22 07:05 - 2013-04-22 14:39 - 00000000 ____D () C:\Users\Cook\Documents\Virus Info
2014-09-22 02:42 - 2012-03-12 18:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 00:09 - 2013-04-22 14:40 - 00000000 ____D () C:\Users\Cook\Documents\Matthew
2014-09-21 00:08 - 2012-04-25 17:59 - 00000000 ____D () C:\Users\Cook\Documents\Caroline
2014-09-20 23:52 - 2013-05-07 13:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-20 18:05 - 2012-05-31 19:46 - 00000000 ____D () C:\Users\Mike
2014-09-19 09:44 - 2012-03-17 23:40 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Adobe
2014-09-18 19:06 - 2013-03-12 21:05 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-09-18 17:32 - 2014-08-13 18:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 17:29 - 2012-05-31 19:47 - 00110328 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 15:40 - 2013-05-14 21:01 - 00000000 ____D () C:\Users\Cook\AppData\Local\PMB Files
2014-09-18 15:15 - 2013-05-14 21:00 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Riot Games
2014-09-17 18:18 - 2009-07-13 22:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_740
2014-09-17 17:21 - 2012-03-12 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 17:20 - 2013-06-13 13:43 - 00000000 ____D () C:\download
2014-09-17 17:12 - 2012-07-10 18:46 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-17 17:12 - 2009-07-14 01:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 17:11 - 2014-05-09 15:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-17 17:08 - 2013-11-13 17:48 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-17 17:07 - 2014-04-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-17 17:04 - 2012-03-31 12:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-17 15:46 - 2013-05-14 21:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-17 09:23 - 2014-06-20 12:30 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 08:32 - 2012-03-17 16:41 - 00000000 ____D () C:\Program Files (x86)\CMMFS 2007
2014-09-17 02:40 - 2013-04-09 15:59 - 00000000 ____D () C:\Users\Cook\AppData\Local\CRE
2014-09-16 20:16 - 2013-05-08 20:25 - 00002149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-15 22:25 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 20:57 - 2012-03-18 09:16 - 00000000 ____D () C:\Users\Cook\AppData\Local\Google
2014-09-13 22:18 - 2012-05-31 20:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-09-13 03:15 - 2012-03-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 03:10 - 2013-08-15 09:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:10 - 2013-05-08 20:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 03:01 - 2012-03-12 18:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 03:00 - 2014-05-07 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 08:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-12 08:28 - 2012-10-15 15:56 - 00000000 ____D () C:\Users\Cook\AppData\Local\Unity
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-11 20:24 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{BDF256EE-292E-4963-84D8-E71715E4D166}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{A494BE66-E69A-41E9-A2FE-4EDBD6B80570}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{4912538D-53F0-4B18-9DF2-EFBBAAC0DDE6}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{1F34AB84-82BF-430B-8958-5A34483DA776}
2014-09-11 20:22 - 2012-05-31 21:52 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-09-11 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-11 11:45 - 2013-06-25 16:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\CRE
2014-09-10 21:44 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files\Google
2014-09-10 21:40 - 2012-04-03 09:50 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 10:20 - 2014-01-17 09:01 - 00000000 ____D () C:\ProgramData\Google
2014-09-10 08:49 - 2012-04-05 18:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 08:49 - 2012-04-05 18:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 08:49 - 2012-03-18 09:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 08:39 - 2014-01-09 18:27 - 00000000 ____D () C:\Users\Cook\Documents\Montreal 2014 Vacation
2014-09-10 08:35 - 2012-03-12 19:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 08:18 - 2012-03-12 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-05 15:50 - 2014-04-29 15:49 - 00000000 ____D () C:\Users\Cook\AppData\Local\Battle.net
2014-09-04 15:30 - 2014-01-04 16:57 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\vlc
2014-09-04 15:26 - 2014-08-28 11:42 - 00000000 ____D () C:\Program Files\Wondershare
2014-09-04 13:53 - 2012-03-17 16:42 - 00000000 ____D () C:\Users\Cook\.cmmfs
2014-09-04 13:52 - 2012-04-24 14:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-04 13:52 - 2012-04-24 14:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Skype
2014-09-04 13:51 - 2012-04-24 14:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-04 10:10 - 2014-07-21 12:17 - 00000000 ____D () C:\Users\Cook\Documents\Car Insurance Info
2014-08-31 19:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Cook\AppData\Local\Temp\lowproc.exe
C:\Users\Cook\AppData\Local\Temp\Quarantine.exe
C:\Users\Cook\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Cook\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 13:18

==================== End Of Log ============================


Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02
Ran by Cook at 2014-09-29 10:01:41
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Aimersoft DRM Media Converter(Build 1.5.3.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Vado AAC Codec (HKLM-x32\...\Creative Vado AAC Codec) (Version:  - Creative Technology Ltd)
Creative Vado AAC Codec (x32 Version: 1.0.0.1 - Creative Technology Ltd) Hidden
Creative Vado Effects Plugin (HKLM-x32\...\Creative Vado Effects Plugin) (Version:  - Creative Technology Ltd)
Creative Vado Effects Plugin (x32 Version: 1.0.0.4 - Creative Technology Ltd) Hidden
Creative Vado HD Codec (HKLM-x32\...\Creative Vado HD Codec) (Version:  - Creative Technology Ltd)
Creative Vado HD Codec (x32 Version: 1.0.0.4 - Creative Technology Ltd) Hidden
Creative Vado MP4 Reader (HKLM-x32\...\Creative Vado MP4 Reader) (Version:  - Creative Technology Ltd)
Creative Vado MP4 Reader (x32 Version: 1.0.0.1 - Creative Technology Ltd) Hidden
Crown Money Map™ Financial Software 2007 (HKLM-x32\...\Crown Money Map™ Financial Software 2007) (Version:  - Drake Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataNumen CAB Repair v2.0 (HKLM-x32\...\DataNumen CAB Repair v2.0) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{27979F37-AF9C-33DE-8437-76F7AEFAABAD}) (Version: 4.0.3.13724 - Google)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Talk Plugin (HKLM-x32\...\{51268A7D-4E1A-371A-9849-496D48930952}) (Version: 4.0.1.13525 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13310.0 - Linksys LLC)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew® - Ransom of the Seven Ships (HKLM-x32\...\293ec12e99f3074f00d74ea0052525fe) (Version:  - GameHouse)
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\{10A10C6C-FF5E-40B2-A343-8D69E24167DF}) (Version: 1.0.0 - Her Interactive, Inc.)
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version:  - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\{92D34E42-4C6F-11D5-A76D-006008D256FF}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PRO_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PRO_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PRO_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PRO_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PRO_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PRO_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 5.1.26.18340 - LeapFrog)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cook\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

22-09-2014 14:00:18 Windows Backup
22-09-2014 20:45:09 Tweaking.com - Windows Repair
23-09-2014 17:11:17 Windows Update
23-09-2014 20:37:13 Windows Update
25-09-2014 18:19:21 Removed Bonjour
25-09-2014 18:20:25 Removed Apple Software Update
25-09-2014 18:21:57 Removed Apple Mobile Device Support
25-09-2014 18:23:28 Removed Apple Application Support
25-09-2014 18:32:22 Installed iTunes
29-09-2014 13:10:48 Windows Update
29-09-2014 14:00:09 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-09-22 16:58 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {009547DB-08C6-4425-A6E3-EEFDEBC0E079} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {07B7F5BC-1099-4BA0-93D1-8B978D635B0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15DCFD1B-A1C9-486F-9431-B8952DF8367F} - System32\Tasks\{74A444BC-4340-499E-868F-1D15BF537506} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {1696DF10-72AD-4DF7-9B3E-E9D51DE31056} - System32\Tasks\{49A628DD-6265-4020-AD23-A7E2CDDB29C3} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
Task: {1A7BED47-183E-412E-837D-4AB4EC99C1B9} - System32\Tasks\{3405CC94-F766-4134-82D3-E32443FEF478} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {1F92D053-DC33-4D38-A9F9-75D61F85740C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {32B7C75A-E289-431F-8F86-E022E3F47611} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {35CD9E5E-E90E-4258-A074-248CAFBF96CD} - System32\Tasks\{CB6ED189-88AD-4888-801C-C20B96A781DE} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {3847B1E1-4364-4BA0-9C88-05CD699EB161} - System32\Tasks\{5F0C3DB6-4558-4F98-B5B0-1DFAA1A30B4F} => D:\setup.exe
Task: {3B6E3A5D-702F-4E77-8CE0-0688F68C43F5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {3C9ECDAC-90EE-43EB-ADDB-0801BB5E514D} - System32\Tasks\{04468A99-0F0E-4276-A773-51AE735203B1} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {3DE1C842-B127-45D1-856E-46059F9ACC41} - System32\Tasks\{2AA726C5-570E-4B43-A58B-0A00F5E73B7D} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {44B568F6-DEFA-43E6-A714-2A83C3EEA127} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {467A3C42-A717-4E5F-B520-F3CC385423CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {4C6DE079-8BA8-4E84-A817-5EDD7DEF5B95} - System32\Tasks\{CBD0E095-24FF-407F-8AAD-0294DBA4466C} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {4F64F838-7AA1-4511-B64B-FD744B14C146} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {5FF613B3-91BC-4A14-9334-39E1F48E9751} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {602D3590-ED53-4BD7-A2DB-10A964E0E5AC} - System32\Tasks\{FEE14B69-2D16-4B51-A7AC-7C473977018F} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {609238F3-6364-433F-8E14-1A9B9A68FAC4} - System32\Tasks\{4036AD12-363D-4006-8A2A-91D0BEC57787} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {62BDDDC2-65FE-4CCB-9E7A-655F38C3D19F} - System32\Tasks\{D609195A-4455-4649-BDC1-502BBC5302F7} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
Task: {689283F8-E304-44B5-9C53-2B22956EAB0F} - System32\Tasks\{152D6EBC-6A18-44B8-9A31-14BD0EF331BF} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {68F2708C-62C9-4383-99B0-C872CC67A5E7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {6CB51D0B-D270-4B64-863F-F06474F94277} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-10] (AVAST Software)
Task: {6E1C0E5F-53AD-47DA-860F-1111D1D9C4A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {6F5AEA4F-8344-42B1-BFDA-63C6C90FEBA6} - System32\Tasks\{3B8498EF-B367-491A-8B13-6860AB0ABC14} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
Task: {75574723-FBC8-4F7C-B491-EB94B86699D8} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {7BC794D6-1874-455F-8DB3-3F342B2B4871} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {86720549-1B5F-4F00-BF82-F5C4C00BB818} - System32\Tasks\{AA711D5A-6621-4E2D-8457-08B9250C3D97} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
Task: {8840D4B9-2429-4898-8082-6734D42A920F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8935D378-381A-4397-A3A4-BFF0903D091A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {8A97D6CD-9B3A-47D4-9D3E-06941D5076E4} - System32\Tasks\{57AE28E4-1C0C-4B88-A954-1AFE475BE456} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {8B1F37BF-B971-46B1-9D56-E1CD2E45F1AC} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {90209C33-0B9C-4E5A-8C6C-7AA15E2E7E93} - System32\Tasks\{2ECC5129-3BF9-4293-9E76-CA40451F8BB4} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {990BD2CF-B714-4B8D-A4BF-D59AB00BC1EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {9E478561-0974-4E52-B1F1-CC607598C8A6} - System32\Tasks\4577 => Wscript.exe C:\Users\Cook\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A50BE196-E52E-4DAA-AFB0-F2D09CDAEE7B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®)
Task: {A51877E8-1374-4E14-9051-912C10F76B00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {A577294A-4680-4650-A907-479A0E879584} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A7D856F5-DF28-4469-8B33-D368F65DB2DD} - System32\Tasks\{A4E8E10D-F9D0-4E5C-92C9-B0571CB0F4A8} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
Task: {ABE67491-86BE-44B3-8E32-3B00A3029AEF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {ADF2A7ED-A2D3-42BF-A1B4-BA938959EBA8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {B6B5C8B6-67F9-468C-85B2-69AAD0F34325} - System32\Tasks\{CDA147C7-5757-4ACE-AC12-AB463FEACCD2} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {BE7A5423-C8A4-4172-899C-3E6718C871B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BECE53D4-48B1-4D32-893E-89A8F9A1425B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C0709A27-C2A1-4C13-A1D1-C1E17EE55A05} - System32\Tasks\{E39DAD56-6C8C-48E0-96B6-EEDAB2334392} => D:\setup.exe
Task: {C349521D-C577-4F71-938E-7FAD07FB3F00} - System32\Tasks\{F4408956-B398-46A8-BBD8-5B32D7DF4CA3} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
Task: {C7D09327-C6CA-4C66-9FB8-FE9431B28864} - System32\Tasks\{0238960A-7697-484D-A371-75BB1DF83017} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {CF0A2225-26AE-4F45-9C3F-A4CDD0FDA1BB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D0EB0EBD-F4AC-41F4-A9C0-F34EE480A433} - System32\Tasks\{0C6B7917-B247-49E4-B54F-36DCC36C784B} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
Task: {D1D9D39F-9D56-42AD-982F-35CAC1CEA757} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {D89B1964-BFA3-4AD8-B4EE-2A5C4379B725} - System32\Tasks\{21595B43-F850-491D-A723-850B0CCBBBE8} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
Task: {DC8CB382-560A-47E1-8DFF-8739B1E1DCCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {E0E0BAD2-C7EC-4BBA-8357-CE5E529B42EE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {ED52B6CB-A861-4224-A058-9CB7582B825D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ED657BA4-3D34-4C07-BD2B-C3C7D59520C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EE565E85-F5DF-461A-B50C-60242006240B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {EFA548B6-17AA-4CB0-BDB0-60B299285123} - System32\Tasks\{5A249EEA-19E7-4454-9678-8EA11DA1DAC0} => D:\ICEAutoDisk1.exe
Task: {F437B459-6480-4FC6-BF12-65DF8E917E02} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F59120BC-0DBD-4047-860D-41D803D8D52E} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-31 15:23 - 2014-03-31 15:23 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-12-06 20:46 - 2013-05-02 14:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-12-06 20:41 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-02-14 17:53 - 2012-02-14 17:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-10 08:34 - 2014-09-10 08:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-28 18:40 - 2014-09-28 18:40 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092801\algo.dll
2014-09-29 08:59 - 2014-09-29 08:59 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092900\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-05-08 20:21 - 2014-04-22 14:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-08-28 11:42 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-28 11:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-09-10 08:34 - 2014-09-10 08:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:79DD4F33
AlternateDataStreams: C:\ProgramData\TEMP:E87CF820

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83800187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83800187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bsecure => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Bsecure => 2
MSCONFIG\Services: BsecureAV => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3903621085-115719457-3043737636-500 - Administrator - Disabled)
Anna (S-1-5-21-3903621085-115719457-3043737636-1007 - Limited - Enabled) => C:\Users\Anna
Cook (S-1-5-21-3903621085-115719457-3043737636-1000 - Administrator - Enabled) => C:\Users\Cook
Guest (S-1-5-21-3903621085-115719457-3043737636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3903621085-115719457-3043737636-1002 - Limited - Enabled)
Mike (S-1-5-21-3903621085-115719457-3043737636-1005 - Limited - Enabled) => C:\Users\Mike

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2014 09:53:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 09:52:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 09:52:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 09:08:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000001863b
Faulting process id: 0x1738
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/29/2014 09:07:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000001863b
Faulting process id: 0x14a8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/29/2014 08:59:10 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (09/29/2014 08:59:10 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (09/28/2014 06:40:09 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (09/28/2014 06:40:08 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (09/26/2014 09:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000001863b
Faulting process id: 0x12dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (09/29/2014 08:59:18 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Cook-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (09/29/2014 08:58:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
%%2

Error: (09/28/2014 06:39:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
%%2

Error: (09/26/2014 09:00:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Cook-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (09/26/2014 08:57:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
%%2

Error: (09/26/2014 02:27:35 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Cook-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (09/26/2014 02:26:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
%%2

Error: (09/26/2014 00:51:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/26/2014 00:46:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Cook-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (09/26/2014 00:45:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (03/27/2014 08:55:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1753 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (03/03/2013 07:02:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 467 seconds with 240 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-04-16 14:35:32.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 14:35:31.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8103.94 MB
Available physical RAM: 5004.27 MB
Total Pagefile: 16206.06 MB
Available Pagefile: 13181.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:292.53 GB) NTFS
Drive e: (Y) (Removable) (Total:0.24 GB) (Free:0.2 GB) NTFS
Drive g: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:112.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 422B6960)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 250 MB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End Of Log ============================



#5 Jo*

  • Malware Response Team

Posted 29 September 2014 - 09:09 AM

Hello cook2465,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 cook2465


Posted 29 September 2014 - 03:40 PM

MBAR no malware found ./

 

Here is the report for AdwCleaner:

 

# AdwCleaner v3.310 - Report created 29/09/2014 at 16:35:08
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium N Service Pack 1 (64 bits)
# Username : Cook - COOK-PC
# Running from : E:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Reimage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v

[ File : C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

*************************

AdwCleaner[R0].txt - [34551 octets] - [16/09/2014 18:32:43]
AdwCleaner[R1].txt - [971 octets] - [19/09/2014 16:27:31]
AdwCleaner[R2].txt - [1030 octets] - [20/09/2014 23:15:56]
AdwCleaner[R3].txt - [1061 octets] - [22/09/2014 16:07:50]
AdwCleaner[R4].txt - [903 octets] - [29/09/2014 16:35:08]
AdwCleaner[S0].txt - [34694 octets] - [16/09/2014 18:46:45]
AdwCleaner[S1].txt - [1092 octets] - [20/09/2014 23:18:05]
AdwCleaner[S2].txt - [1123 octets] - [22/09/2014 16:08:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1143 octets] ##########



#7 Jo*


Posted 29 September 2014 - 03:52 PM

Hello cook2465,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#8 cook2465


Posted 29 September 2014 - 04:20 PM

What about the AdwCleaner?  Do I clean that - it is prompting me saying that I didn't finish.  I don't want to hit the 'clean' button until you tell me to...



#9 Jo*


Posted 29 September 2014 - 04:39 PM

AdwCleaner found only:
Folder Found : C:\Program Files\Reimage

Ok - push the clean button.

Cheers,
Jo


#10 cook2465


Posted 29 September 2014 - 04:41 PM

Also - in your last post you said to enable my antivirus - I never disabled it - was I supposed to?  Will that affect the scans I have already done?



#11 Jo*


Posted 29 September 2014 - 04:49 PM

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


Disable your antivirus before you run JRT, when the scan is done, enable your antivirus!

Cheers,
Jo


#12 cook2465


Posted 29 September 2014 - 05:00 PM

Just caught that.  JRT is done -

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium N x64
Ran by Cook on Mon 09/29/2014 at 17:50:57.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cook\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Cook\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Cook\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/29/2014 at 17:52:59.69
End of JRT log
~~~~~~~~~~~~~~~~

 

Finally - my IE is working again.  Before, the only way to get online was to do 'InPrivate Browsing'.  Otherwise IE would say there was an error and that the program was going to be shut down.  Now for the last scan:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by Cook (administrator) on COOK-PC on 29-09-2014 17:58:35
Running from E:\
Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
Platform: Windows 7 Home Premium N Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG Family Safety] => C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BringMeSports EPM Support] => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-10] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-09-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol System Monitor] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [Google Update] => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.hushmail.com/preview/hushmail/#folder/Inbox
https://www.facebook.com/
https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab
https://www.google.com/calendar/render
http://www.bleepingcomputer.com/forums/index.php?app=core&module=usercp&tab=core&area=notifications
SearchScopes: HKCU - {6DC72A3E-7128-4BBC-B29E-5FFB5B819C5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130519,0,0,25,7635
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-10] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-03] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [283032 2014-03-31] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-10] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22664 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-10] ()
S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 cpuz134; \??\C:\Users\Cook\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\Internet Explorer\SABProcEnum.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 17:52 - 2014-09-29 17:52 - 00000919 _____ () C:\Users\Cook\Desktop\JRT.txt
2014-09-29 16:05 - 2014-09-29 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-29 16:02 - 2014-09-29 16:33 - 00000000 ____D () C:\Users\Cook\Desktop\mbar
2014-09-29 10:00 - 2014-09-29 17:58 - 00000000 ____D () C:\FRST
2014-09-26 21:00 - 2014-09-29 17:46 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-26 15:01 - 2014-09-26 15:01 - 00026513 _____ () C:\Users\Cook\Desktop\DDS 1.txt
2014-09-26 15:01 - 2014-09-26 15:01 - 00012808 _____ () C:\Users\Cook\Desktop\Attach 1.txt
2014-09-26 14:58 - 2014-09-26 14:58 - 00688992 ____R (Swearware) C:\Users\Cook\Desktop\dds.com
2014-09-26 14:24 - 2014-09-26 14:24 - 00002119 _____ () C:\Users\Cook\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-26 14:14 - 2014-09-26 14:14 - 09690792 _____ () C:\Users\Cook\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-09-26 14:01 - 2014-09-26 14:01 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-09-26 14:01 - 2014-09-26 14:01 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 14:32 - 2014-09-25 14:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 15:29 - 2014-09-23 15:29 - 27864920 _____ (Riot Games) C:\Users\Anna\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-09-23 15:18 - 2014-09-23 15:30 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Riot Games
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\AVAST Software
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Local\Wondershare
2014-09-23 15:09 - 2014-09-29 17:46 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-23 15:09 - 2014-09-23 15:09 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\RealNetworks
2014-09-23 13:17 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 13:17 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-09-23 13:04 - 2014-09-23 13:04 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-23 13:03 - 2014-09-23 13:03 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-09-22 16:13 - 2014-09-22 16:13 - 09700040 _____ () C:\Users\Cook\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-22 07:07 - 2014-09-22 07:07 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-09-21 22:17 - 2014-09-16 20:12 - 02347384 _____ (ESET) C:\Users\Cook\Desktop\esetsmartinstaller_enu.exe
2014-09-21 09:02 - 2014-09-21 09:02 - 00000000 ____D () C:\Users\Cook\Documents\Michael
2014-09-20 23:52 - 2014-09-20 23:52 - 00001224 _____ () C:\Users\Cook\Desktop\Revo Uninstaller.lnk
2014-09-20 11:30 - 2014-09-20 11:30 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Riot Games
2014-09-19 16:27 - 2014-09-19 16:27 - 00000729 _____ () C:\Users\Cook\Desktop\AdwCleaner - Shortcut.lnk
2014-09-19 09:44 - 2014-09-19 09:44 - 00000228 _____ () C:\Windows\SysWOW64\debug.log
2014-09-19 08:06 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-19 08:06 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-18 18:45 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-18 18:45 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-18 18:45 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-18 18:45 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-18 18:45 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-18 18:45 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-18 18:45 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-17 17:27 - 2014-09-26 14:02 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-17 15:15 - 2014-09-17 15:15 - 00448512 _____ (OldTimer Tools) C:\Users\Cook\Desktop\TFC.exe
2014-09-16 20:12 - 2014-09-16 20:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-16 19:57 - 2014-09-16 19:57 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 18:32 - 2014-09-29 17:45 - 00000000 ____D () C:\AdwCleaner
2014-09-16 16:44 - 2014-09-16 16:44 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Cook\Downloads\rkill_com
2014-09-16 16:16 - 2014-09-16 16:16 - 00000000 _____ () C:\Users\Cook\Downloads\JRT_exe.dmyb462.partial
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\tdsskiller_zip.kns3xgr.partial
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\AdwCleaner_exe.3mkcm5w.partial
2014-09-16 09:42 - 2014-09-19 07:42 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-15 20:55 - 2014-09-15 20:55 - 00895120 _____ (Google Inc.) C:\Users\Cook\Downloads\googleappssyncsetup.exe
2014-09-15 08:23 - 2014-09-19 07:42 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-13 22:16 - 2014-09-13 22:16 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVAST Software
2014-09-13 03:12 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:12 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:12 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:12 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:12 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:12 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:12 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:12 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:12 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:12 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:12 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:12 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:12 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:12 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 08:22 - 2014-09-12 08:22 - 00003112 _____ () C:\Windows\System32\Tasks\{0A93DFAC-B0D1-4DB5-A5E5-85FE7C7F42EA}
2014-09-12 07:58 - 2014-09-12 07:59 - 19320096 _____ (SUPERAntiSpyware) C:\Users\Cook\Downloads\SUPERAntiSpyware.exe
2014-09-12 07:06 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 07:06 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 07:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 07:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 07:05 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 07:05 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 07:05 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 20:56 - 2014-09-11 20:56 - 04227520 _____ (http://www.maxuninstaller.com/ ) C:\Users\Cook\Downloads\MaxUninstaller_Setup.exe
2014-09-11 17:13 - 2014-09-11 17:13 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Compete
2014-09-11 17:12 - 2014-09-11 17:12 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Itibiti
2014-09-11 17:11 - 2014-09-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-09-11 17:09 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Soya Mail
2014-09-11 17:09 - 2014-09-11 17:09 - 00000000 ____D () C:\ProgramData\regid.1995-09.com.example
2014-09-11 14:27 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\Documents\The Final Scene
2014-09-10 21:00 - 2014-02-19 01:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2014-09-10 08:35 - 2014-09-10 08:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 08:34 - 2014-09-10 08:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 08:32 - 2014-09-10 08:32 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\AVAST Software
2014-09-10 08:30 - 2014-09-10 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 08:29 - 2014-09-18 16:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 08:29 - 2014-09-10 08:35 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-10 08:12 - 2014-09-10 08:16 - 00932720 _____ () C:\Users\Cook\Downloads\avast! Free Antivirus 2014 Setup.exe
2014-09-05 15:42 - 2014-09-20 23:59 - 00000000 ____D () C:\Riot Games
2014-09-04 15:28 - 2014-09-04 15:30 - 07242752 _____ () C:\Users\Cook\Downloads\FW_E2500_2.0.00.001_US_20140417.bin
2014-09-03 14:29 - 2014-09-10 08:49 - 00000000 ____D () C:\Users\Cook\AppData\Local\Adobe
2014-08-30 19:05 - 2014-08-30 19:05 - 00000000 ____D () C:\Users\Mike\AppData\Local\Wondershare

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 17:55 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-29 17:55 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-29 17:51 - 2012-03-12 08:49 - 01616036 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 17:51 - 2009-07-14 01:12 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 17:47 - 2012-04-03 10:06 - 00000000 ____D () C:\Users\Cook\AppData\Local\CrashDumps
2014-09-29 17:46 - 2012-12-26 10:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 17:46 - 2012-03-17 13:00 - 03632456 _____ () C:\Windows\PFRO.log
2014-09-29 17:46 - 2012-03-12 17:53 - 00000000 ____D () C:\Users\Cook
2014-09-29 17:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-29 17:46 - 2009-07-14 00:56 - 00160158 _____ () C:\Windows\setupact.log
2014-09-29 17:44 - 2013-11-05 12:56 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job
2014-09-29 17:34 - 2012-11-30 20:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job
2014-09-29 17:33 - 2012-04-05 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-29 17:29 - 2013-01-14 22:43 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job
2014-09-29 17:20 - 2012-12-26 10:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 17:13 - 2013-10-17 15:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job
2014-09-29 16:49 - 2014-07-10 10:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 16:02 - 2014-07-10 08:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 14:13 - 2013-10-17 15:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job
2014-09-29 13:29 - 2013-01-14 22:43 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job
2014-09-26 19:44 - 2013-11-05 12:56 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job
2014-09-25 18:33 - 2014-02-25 12:04 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\MediaMonkey
2014-09-25 14:34 - 2012-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:31 - 2012-03-17 22:43 - 00000000 ____D () C:\ProgramData\Apple
2014-09-24 18:36 - 2012-05-14 11:39 - 00000000 ____D () C:\Users\Cook\Documents\Recipes
2014-09-24 16:05 - 2014-08-12 20:31 - 00000000 ____D () C:\Users\Cook\Documents\Grand Connection
2014-09-24 09:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 16:21 - 2012-06-01 07:14 - 00000000 ____D () C:\Users\Anna\AppData\Local\CrashDumps
2014-09-23 15:16 - 2012-10-07 21:15 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5055FE43-DE42-4BE4-85A3-253099ABBAFA}
2014-09-23 15:13 - 2013-09-01 20:48 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2013-09-01 20:47 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2012-05-31 21:50 - 00110328 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 15:13 - 2012-05-31 21:48 - 00000000 ____D () C:\Users\Anna
2014-09-23 13:08 - 2012-10-17 21:44 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Real
2014-09-23 13:06 - 2012-10-17 21:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-23 13:05 - 2012-12-26 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-23 13:04 - 2012-09-10 22:17 - 00000000 ____D () C:\ProgramData\Real
2014-09-22 17:03 - 2012-03-13 12:31 - 00110328 _____ () C:\Users\Cook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 17:02 - 2009-07-14 00:50 - 00418248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 16:57 - 2009-07-13 22:34 - 00000665 _____ () C:\Windows\win.ini
2014-09-22 16:53 - 2012-04-23 14:07 - 00786474 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-22 08:34 - 2012-11-30 20:34 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job
2014-09-22 07:05 - 2013-04-22 14:39 - 00000000 ____D () C:\Users\Cook\Documents\Virus Info
2014-09-22 02:42 - 2012-03-12 18:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 00:09 - 2013-04-22 14:40 - 00000000 ____D () C:\Users\Cook\Documents\Matthew
2014-09-21 00:08 - 2012-04-25 17:59 - 00000000 ____D () C:\Users\Cook\Documents\Caroline
2014-09-20 23:52 - 2013-05-07 13:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-20 18:05 - 2012-05-31 19:46 - 00000000 ____D () C:\Users\Mike
2014-09-19 09:44 - 2012-03-17 23:40 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Adobe
2014-09-18 19:06 - 2013-03-12 21:05 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-09-18 17:32 - 2014-08-13 18:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 17:29 - 2012-05-31 19:47 - 00110328 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 15:40 - 2013-05-14 21:01 - 00000000 ____D () C:\Users\Cook\AppData\Local\PMB Files
2014-09-18 15:15 - 2013-05-14 21:00 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Riot Games
2014-09-17 18:18 - 2009-07-13 22:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_740
2014-09-17 17:21 - 2012-03-12 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 17:20 - 2013-06-13 13:43 - 00000000 ____D () C:\download
2014-09-17 17:12 - 2012-07-10 18:46 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-17 17:12 - 2009-07-14 01:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 17:11 - 2014-05-09 15:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-17 17:08 - 2013-11-13 17:48 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-17 17:07 - 2014-04-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-17 17:04 - 2012-03-31 12:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-17 15:46 - 2013-05-14 21:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-17 09:23 - 2014-06-20 12:30 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 08:32 - 2012-03-17 16:41 - 00000000 ____D () C:\Program Files (x86)\CMMFS 2007
2014-09-16 20:16 - 2013-05-08 20:25 - 00002149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-15 22:25 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 20:57 - 2012-03-18 09:16 - 00000000 ____D () C:\Users\Cook\AppData\Local\Google
2014-09-13 22:18 - 2012-05-31 20:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-09-13 03:15 - 2012-03-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 03:10 - 2013-08-15 09:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:10 - 2013-05-08 20:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 03:01 - 2012-03-12 18:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 03:00 - 2014-05-07 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 08:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-12 08:28 - 2012-10-15 15:56 - 00000000 ____D () C:\Users\Cook\AppData\Local\Unity
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-11 20:24 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{BDF256EE-292E-4963-84D8-E71715E4D166}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{A494BE66-E69A-41E9-A2FE-4EDBD6B80570}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{4912538D-53F0-4B18-9DF2-EFBBAAC0DDE6}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{1F34AB84-82BF-430B-8958-5A34483DA776}
2014-09-11 20:22 - 2012-05-31 21:52 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-09-11 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-11 11:45 - 2013-06-25 16:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\CRE
2014-09-10 21:44 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files\Google
2014-09-10 21:40 - 2012-04-03 09:50 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 10:20 - 2014-01-17 09:01 - 00000000 ____D () C:\ProgramData\Google
2014-09-10 08:49 - 2012-04-05 18:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 08:49 - 2012-04-05 18:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 08:49 - 2012-03-18 09:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 08:39 - 2014-01-09 18:27 - 00000000 ____D () C:\Users\Cook\Documents\Montreal 2014 Vacation
2014-09-10 08:35 - 2012-03-12 19:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 08:18 - 2012-03-12 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-05 15:50 - 2014-04-29 15:49 - 00000000 ____D () C:\Users\Cook\AppData\Local\Battle.net
2014-09-04 15:30 - 2014-01-04 16:57 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\vlc
2014-09-04 15:26 - 2014-08-28 11:42 - 00000000 ____D () C:\Program Files\Wondershare
2014-09-04 13:53 - 2012-03-17 16:42 - 00000000 ____D () C:\Users\Cook\.cmmfs
2014-09-04 13:52 - 2012-04-24 14:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-04 13:52 - 2012-04-24 14:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Skype
2014-09-04 13:51 - 2012-04-24 14:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-04 10:10 - 2014-07-21 12:17 - 00000000 ____D () C:\Users\Cook\Documents\Car Insurance Info
2014-08-31 19:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Cook\AppData\Local\Temp\lowproc.exe
C:\Users\Cook\AppData\Local\Temp\Quarantine.exe
C:\Users\Cook\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Cook\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 13:18

==================== End Of Log ============================



#13 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 30 September 2014 - 07:34 AM

Hello cook2465,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (Running from E:\) as fixlist.txt

 
start
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\tdsskiller_zip.kns3xgr.partial
C:\ProgramData\hash.dat
EmptyTemp:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 cook2465

cook2465
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Female

Posted 30 September 2014 - 08:40 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
Ran by Cook at 2014-09-30 09:33:08 Run:1
Running from E:\
Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-16 16:15 - 2014-09-16 16:15 - 00000000 _____ () C:\Users\Cook\Downloads\tdsskiller_zip.kns3xgr.partial
C:\ProgramData\hash.dat
EmptyTemp:
end

*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1007\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3903621085-115719457-3043737636-1005\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Cook\Downloads\tdsskiller_zip.kns3xgr.partial => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#15 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 30 September 2014 - 09:27 AM

Please follow the instructions and create a new FRST log:
 

...




***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




