Formerly infected with Crack tool and just found Mindspark and sweetIM


  • This topic is locked
91 replies to this topic

#1 cook2465

cook2465

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:30 AM

Posted 15 December 2014 - 09:33 AM

Hello! I would like to get some help making sure that my machine is completely clean. Back in September it was discovered that my computer was infected with a Crack tool that my son downloaded at a pirate game site :0( After several weeks of scanning, etc., it was determined that it was gone; however, since then my computer has been sluggish, with little things like scans not always working, sometimes finding my Avast or MSSE turned off, etc., as well as my email not always responding correctly and programs freezing at times, and just today my Malwarebytes discovered Mindspark and SweetIM (which I have quarantined). I would love your expert help to make sure all is correct and clean. Since then the only change to my system is that I had to purchase a new router, a Linksys AC1200 EA6100 dualband smart wifi. I am running: Windows 7 Home Premium N, SP 1

My system is: Intel Core i5-2500K CPU @ 3.30GHz 8GB RAM 64-bit

For security I have Malwarebytes free that I run scans on a regular basis, Microsoft Security Essentials and I just upgraded Avast from free to a one year subscription. Currently that is frozen.

 

 




 


#2 cook2465


Posted 15 December 2014 - 01:17 PM

I restarted my computer and Avast is running fine now. But WinPatrol detected a program that is a run once program listed below:

1418654417  What is listed via WinPatrol. Cannot find it via Windows search. When I try to access the location via the WinPatrol window, it does nothing. What is this?

I did a network security scan via Avast, and no issues. I ran a full system virus scan via Avast over the weekend and it found Threat:Win32:Malware-gen which has been deleted.

I ran another one today and nothing showed up, but there were some files that could not be scanned:

C:\Users\Cook\AppData\Local\Solid State Networks\launcher.bundle|>launcher.dll

C:\Users\Cook\AppData\Local\Solid State Networks\launcher.bundle|>launcher.js

What is this? Anything that should raise concern?


Edited by cook2465, 15 December 2014 - 01:18 PM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:30 AM

Posted 20 December 2014 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559881 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:30 AM

Posted 21 December 2014 - 10:20 AM

:welcome:

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#5 ken545

Posted 26 December 2014 - 09:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#6 ken545

Posted 26 December 2014 - 05:27 PM

I have reopened your topic




#7 cook2465

Posted 31 December 2014 - 10:44 AM

Here is the DDS log; however, after downloading it and running the scan as in the directions I noticed the note stating to disconnect from the internet, which I had not done. Please advise if I need to re-scan because of this.

DDS Log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.17183
    Run by Cook at 10:42:16 on 2014-12-31
    Microsoft Windows 7 Home Premium N   6.1.7601.1.1252.1.1033.18.8104.5179 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Tablet\Pen\WacomHost.exe
    C:\Program Files\Tablet\Wacom\WacomHost.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    uRun: [WinPatrol System Monitor] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    uRun: [Google Update] "C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\144545733323 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\259636860596E656D27657563747 : DHCPNameServer = 192.168.33.1 75.75.76.76 75.75.75.75
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\34F4F4B4D20534F5E4564777F627B6F523 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\C496E6B63797371373232323 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\E496365634865656471686 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\E496365634865656471686 : DHCPNameServer = 204.193.144.84 174.78.110.87 75.75.76.76
    TCP: Interfaces\{409807DA-5620-48E3-838D-8A45CA0C9A49} : DHCPNameServer = 97.64.183.164 97.64.209.37
    TCP: Interfaces\{79079C59-E140-432F-A99F-1D6EBC4BDB70} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{79079C59-E140-432F-A99F-1D6EBC4BDB70} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\jp5q03sr.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/|https://www.registrationconnection.com/user/index.cfm?|https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab|https://www.facebook.com/|http://www.recreation.gov/campingFacilityDetails.do?contractCode=NRSO&parkId=70937
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Users\Cook\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Users\Cook\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Cook\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\jp5q03sr.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
    FF - plugin: C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-10 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-10 267632]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-17 28184]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-9-10 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-10 436624]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-10 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-10 83280]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-10 116728]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-28 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-28 104416]
    R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-31 48488]
    R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-10 1871160]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 125584]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-20 4799760]
    R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-12-6 619904]
    R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-12-6 598808]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-12 104560]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-10 129752]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-3-17 694888]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-3-12 2159728]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-9-10 29288]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-9-10 29288]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-9-10 29288]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-9-10 29288]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-9-10 29288]
    S?Unknown aswNdisFlt;aswNdisFlt; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BSecACFltr;BSecACFltr;C:\Windows\System32\drivers\BSecACFltr.sys [2013-4-21 22832]
    S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
    S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-12-6 14136]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-4-29 32152]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-24 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-18 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
    S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-12-6 89912]
    S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-12-6 15160]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-12 1255736]
    S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
    S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-3-12 27760]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
    ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2014-12-31 14:26:02    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FFA6862-B4FA-40EB-923D-FD898EFBFF14}\mpengine.dll
    2014-12-29 14:22:31    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-29 01:13:49    --------    d-----w-    C:\Users\Cook\AppData\Roaming\Mount&Blade Warband
    2014-12-27 02:10:35    --------    d-----w-    C:\Users\Cook\AppData\Local\Fallout3
    2014-12-23 04:20:51    --------    d-----w-    C:\Users\Cook\AppData\Roaming\HeroesAndGeneralsDesktop
    2014-12-21 00:31:10    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
    2014-12-21 00:31:10    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
    2014-12-21 00:31:10    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
    2014-12-21 00:31:10    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
    2014-12-21 00:31:10    --------    d-----w-    C:\Program Files (x86)\OpenAL
    2014-12-20 19:18:59    --------    d-----w-    C:\Program Files (x86)\Steam
    2014-12-19 13:43:52    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1BD9C94-424C-437E-9974-37F444F39AFB}\gapaengine.dll
    2014-12-19 00:29:03    --------    d-----w-    C:\Program Files (x86)\EA Games
    2014-12-17 16:56:09    --------    d-----w-    C:\Users\Cook\AppData\Local\AvastSupport
    2014-12-16 12:58:06    --------    d-sh--w-    C:\Jumpshot
    2014-12-16 12:58:03    --------    d-----w-    C:\gnupg
    2014-12-10 21:37:30    --------    d-----w-    C:\Windows\System32\appraiser
    2014-12-10 19:43:10    55808    ----a-w-    C:\Windows\System32\rrinstaller.exe
    2014-12-10 19:43:10    24576    ----a-w-    C:\Windows\System32\mfpmp.exe
    2014-12-10 19:43:10    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
    2014-12-10 19:43:10    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
    2014-12-10 19:43:10    2048    ----a-w-    C:\Windows\System32\mferror.dll
    2014-12-10 19:43:09    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
    2014-12-10 19:43:09    4121600    ----a-w-    C:\Windows\System32\mf.dll
    2014-12-10 19:43:09    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
    2014-12-10 19:43:09    206848    ----a-w-    C:\Windows\System32\mfps.dll
    2014-12-10 19:43:09    103424    ----a-w-    C:\Windows\SysWow64\mfps.dll
    2014-12-10 19:36:52    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
    2014-12-10 15:49:06    94320    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M  ====================
    .
    2014-12-31 14:29:11    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-27 02:53:25    283032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
    2014-12-27 02:53:25    283032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
    2014-12-20 03:24:51    282296    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
    2014-12-19 00:49:47    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
    2014-12-16 12:54:24    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-16 12:54:24    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-12-04 02:50:55    413184    ----a-w-    C:\Windows\System32\generaltel.dll
    2014-12-04 02:50:45    741376    ----a-w-    C:\Windows\System32\invagent.dll
    2014-12-04 02:50:40    396800    ----a-w-    C:\Windows\System32\devinv.dll
    2014-12-04 02:50:38    830976    ----a-w-    C:\Windows\System32\appraiser.dll
    2014-12-04 02:50:37    227328    ----a-w-    C:\Windows\System32\aepdu.dll
    2014-12-04 02:50:37    192000    ----a-w-    C:\Windows\System32\aepic.dll
    2014-12-04 02:44:48    1083392    ----a-w-    C:\Windows\System32\aeinv.dll
    2014-12-01 23:28:44    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
    2014-11-28 18:07:12    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
    2014-11-28 18:06:57    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
    2014-11-28 18:06:56    83280    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
    2014-11-28 18:06:56    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
    2014-11-28 18:06:56    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
    2014-11-28 18:06:55    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
    2014-11-28 18:06:55    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
    2014-11-28 18:06:53    43152    ----a-w-    C:\Windows\avastSS.scr
    2014-11-28 18:06:29    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
    2014-11-21 11:14:22    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
    2014-11-21 11:14:12    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 11:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2014-11-21 08:38:00    2237952    ----a-w-    C:\Windows\System32\wininet.dll
    2014-11-21 08:37:51    600576    ----a-w-    C:\Windows\System32\vbscript.dll
    2014-11-21 08:36:24    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
    2014-11-21 08:36:17    67072    ----a-w-    C:\Windows\System32\iesetup.dll
    2014-11-21 08:36:17    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
    2014-11-21 08:35:42    1509376    ----a-w-    C:\Windows\System32\inetcpl.cpl
    2014-11-21 07:17:51    1762816    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2014-11-21 07:17:44    523264    ----a-w-    C:\Windows\SysWow64\vbscript.dll
    2014-11-21 07:16:46    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2014-11-21 07:16:42    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2014-11-21 07:16:42    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
    2014-11-21 07:16:16    1441280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
    2014-11-21 07:00:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
    2014-11-21 06:54:49    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2014-11-21 06:31:56    441856    ----a-w-    C:\Windows\System32\html.iec
    2014-11-21 06:24:52    361984    ----a-w-    C:\Windows\SysWow64\html.iec
    2014-11-21 06:05:06    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
    2014-11-21 05:59:00    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-11-18 19:56:48    1202848    ----a-w-    C:\Windows\SysWow64\FM20.DLL
    2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
    2014-11-08 03:16:08    2048    ----a-w-    C:\Windows\System32\tzres.dll
    2014-11-08 02:45:09    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
    2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
    2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
    2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
    2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
    2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
    2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
    2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
    2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
    2014-10-03 02:12:23    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
    2014-10-03 02:12:23    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
    2014-10-03 02:12:22    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
    2014-10-03 02:12:22    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
    2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
    2014-10-03 02:11:49    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
    2014-10-03 01:45:03    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-10-03 01:45:03    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
    2014-10-03 01:45:03    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
    2014-10-03 01:45:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
    2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
    2014-10-03 01:44:25    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
    .
    ============= FINISH: 10:43:05.74 ===============
     



    #8 cook2465


    Posted 31 December 2014 - 11:15 AM

    I am currently running the aswMBR scan.  I hope that I didn't make a mistake.  It sat idle for so long I thought it was done, so I saved the log - I'm not sure it was, so I tried hitting the stop button and then I restarted.  It is either still going or re-scanning.  I will not touch it until I am sure it is done, but for what it is worth, here is the first log I saved:

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2014-12-31 10:51:17
    -----------------------------
    10:51:17.054    OS Version: Windows x64 6.1.7601 Service Pack 1
    10:51:17.054    Number of processors: 4 586 0x2A07
    10:51:17.055    ComputerName: COOK-PC  UserName: Cook
    10:51:35.943    Initialize success
    10:51:36.016    VM: initialized successfully
    10:51:36.017    VM: Intel CPU BiosDisabled
    10:51:38.877    AVAST engine defs: 14123100
    10:52:52.655    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    10:52:52.658    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
    10:52:52.765    Disk 0 MBR read successfully
    10:52:52.769    Disk 0 MBR scan
    10:52:52.773    Disk 0 Windows 7 default MBR code
    10:52:52.785    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    10:52:52.792    Disk 0 default boot code
    10:52:52.805    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
    10:52:52.823    Disk 0 scanning C:\Windows\system32\drivers
    10:53:04.079    Service scanning
    10:53:27.025    Modules scanning
    10:53:27.038    Disk 0 trace - called modules:
    10:53:27.053    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:53:27.059    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc5060]
    10:53:27.063    3 CLASSPNP.SYS[fffff880019c443f] -> nt!IofCallDriver -> [0xfffffa800775d520]
    10:53:27.066    5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b11060]
    10:53:27.492    AVAST engine scan C:\Windows
    10:53:29.823    AVAST engine scan C:\Windows\system32
    10:59:00.657    AVAST engine scan C:\Windows\system32\drivers
    11:00:19.577    AVAST engine scan C:\Users\Cook
    11:08:10.238    Disk 0 MBR has been saved successfully to "C:\Users\Cook\Desktop\MBR.dat"
    11:08:10.258    The log file has been saved successfully to "C:\Users\Cook\Desktop\aswMBR.txt"

     



    #9 cook2465


    Posted 31 December 2014 - 11:16 AM

    BTW, Happy New Year and thank you for your well wishes last week.



    #10 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:05:30 AM

    Posted 31 December 2014 - 11:18 AM

    Glad we didn't lose you. DDS really does not show us the whole picture; go ahead and run FRST as I posted. There will be two logs, FRST and Additions; post them both please.


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #11 cook2465


    Posted 31 December 2014 - 11:24 AM

    What about this aswMBR - it seems to still be scanning?  It is taking a VERY long time...  Can I run both at the same time, or do I stop the aswMBR and run the FRST, or just wait and then run the FRST?


    Edited by cook2465, 31 December 2014 - 11:27 AM.


    #12 ken545


    Posted 31 December 2014 - 11:43 AM

    Go ahead and stop aswMBR. If it gives you trouble you can go to Task Manager (Ctrl...Alt...Del) and End Task. You already posted the log from that and it looks ok.




    #13 cook2465


    Posted 31 December 2014 - 11:45 AM

    Oops, I took a chance and ran FRST along with the other running. Here are the logs:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
    Ran by Cook (administrator) on COOK-PC on 31-12-2014 11:41:33
    Running from C:\Users\Cook\Desktop
    Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
    Platform: Windows 7 Home Premium N Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    (Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Users\Cook\Desktop\aswMBR.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol System Monitor] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [533568 2014-04-22] (BillP Studios)
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [Google Update] => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    HKU\S-1-5-21-3903621085-115719457-3043737636-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.registrationconnection.com/user/index.cfm?
    https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab
    https://www.hushmail.com/preview/hushmail/#folder/Inbox
    https://www.facebook.com/
    https://hotelexcellencelms.claresco.com/moodle/course/view.php?id=4
    https://hotelexcellence.marriott.com/home
    SearchScopes: HKU\S-1-5-21-3903621085-115719457-3043737636-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-3903621085-115719457-3043737636-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
    DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{79079C59-E140-432F-A99F-1D6EBC4BDB70}: [NameServer] 208.67.222.222,208.67.220.220

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\jp5q03sr.default
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.bing.com/|https://www.registrationconnection.com/user/index.cfm?|https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab|https://www.facebook.com/|hxxp://www.recreation.gov/campingFacilityDetails.do?contractCode=NRSO&parkId=70937
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Cook\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @talk.google.com/O1DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cook\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3903621085-115719457-3043737636-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Battlefield Heroes Updater - C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\jp5q03sr.default\Extensions\battlefieldheroespatcher@ea.com [2014-12-18]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-28]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-28] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-28] (AVAST Software)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-18] ()
    S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-28] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-28] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-28] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-28] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-28] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-28] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-28] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-28] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-28] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-28] ()
    S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
    S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-04-29] ()
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    U3 aswMBR; \??\C:\Users\Cook\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-31 11:41 - 2014-12-31 11:42 - 00019451 _____ () C:\Users\Cook\Desktop\FRST.txt
    2014-12-31 11:25 - 2014-12-31 11:25 - 02123264 _____ (Farbar) C:\Users\Cook\Desktop\FRST64.exe
    2014-12-31 11:08 - 2014-12-31 11:08 - 00001980 _____ () C:\Users\Cook\Desktop\aswMBR.txt
    2014-12-31 11:08 - 2014-12-31 11:08 - 00000512 _____ () C:\Users\Cook\Desktop\MBR.dat
    2014-12-31 10:34 - 2014-12-31 10:34 - 00001990 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
    2014-12-31 10:34 - 2014-12-31 10:34 - 00001930 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
    2014-12-31 10:33 - 2014-11-28 13:06 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-12-31 10:04 - 2014-12-31 10:04 - 00017052 _____ () C:\HijackPatrol.log
    2014-12-30 22:28 - 2014-12-30 22:28 - 00000000 ____D () C:\Users\Anna\Documents\Mount&Blade Warband Savegames
    2014-12-30 22:27 - 2014-12-30 22:28 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Mount&Blade Warband
    2014-12-30 22:27 - 2014-12-30 22:27 - 00000000 ____D () C:\Users\Anna\Documents\Mount&Blade Warband
    2014-12-28 20:16 - 2014-12-28 22:10 - 00000000 ____D () C:\Users\Cook\Documents\Mount&Blade Warband Savegames
    2014-12-28 20:13 - 2014-12-30 22:44 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Mount&Blade Warband
    2014-12-28 20:13 - 2014-12-28 20:16 - 00000000 ____D () C:\Users\Cook\Documents\Mount&Blade Warband
    2014-12-26 21:10 - 2014-12-26 21:10 - 00000000 ____D () C:\Users\Cook\AppData\Local\Fallout3
    2014-12-22 14:55 - 2014-12-22 14:56 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\DarkSoulsII
    2014-12-22 14:51 - 2014-12-22 14:52 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mozilla
    2014-12-21 16:51 - 2014-12-21 16:51 - 05198336 _____ (AVAST Software) C:\Users\Cook\Desktop\aswMBR.exe
    2014-12-20 19:31 - 2014-12-20 19:31 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2014-12-20 19:31 - 2014-12-20 19:31 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2014-12-20 19:31 - 2014-12-20 19:31 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2014-12-20 19:31 - 2014-12-20 19:31 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2014-12-20 19:31 - 2014-12-20 19:31 - 00000000 ____D () C:\Program Files (x86)\OpenAL
    2014-12-20 14:19 - 2014-12-20 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2014-12-20 14:18 - 2014-12-30 22:41 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-19 10:10 - 2014-12-19 10:10 - 00003522 _____ () C:\Users\Cook\Downloads\EXPORT 12-19-14.CSV
    2014-12-18 19:37 - 2014-12-18 21:03 - 00000000 ____D () C:\Users\Cook\Documents\Battlefield Heroes
    2014-12-18 19:35 - 2014-12-18 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
    2014-12-18 19:29 - 2014-12-18 19:29 - 00000000 ____D () C:\Program Files (x86)\EA Games
    2014-12-17 11:56 - 2014-12-17 11:56 - 00000000 ____D () C:\Users\Cook\AppData\Local\AvastSupport
    2014-12-16 07:58 - 2014-12-16 17:55 - 00000000 __SHD () C:\Jumpshot
    2014-12-16 07:58 - 2014-12-16 07:58 - 00000000 ____D () C:\gnupg
    2014-12-15 14:07 - 2014-12-15 14:08 - 00004924 _____ () C:\Users\Cook\Downloads\EXPORT.CSV
    2014-12-10 16:55 - 2014-12-10 16:55 - 00000000 ____H () C:\Users\Cook\Documents\Default.rdp
    2014-12-10 16:37 - 2014-12-10 16:37 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 14:43 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 14:43 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-10 14:43 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-12-10 14:43 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-12-10 14:43 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-12-10 14:43 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-12-10 14:43 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-12-10 14:43 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-12-10 14:43 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-12-10 14:43 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-10 14:37 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-10 14:37 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-10 14:37 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-10 14:37 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 14:37 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-10 14:37 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 14:37 - 2014-11-21 03:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 14:37 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-10 14:37 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 14:37 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 14:37 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 14:37 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 14:37 - 2014-11-21 02:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 14:37 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-10 14:37 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 14:37 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 14:37 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-10 14:37 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 14:37 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 14:37 - 2014-11-21 01:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-10 14:37 - 2014-11-21 01:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-10 14:37 - 2014-11-21 01:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-12-10 14:37 - 2014-11-21 00:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-12-10 14:36 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 14:36 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 14:36 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-10 14:36 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 14:36 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 14:36 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-10 14:36 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-10 14:36 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-10 14:36 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-10 14:36 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-10 14:36 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-10 14:36 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-10 14:36 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-10 14:36 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-10 14:36 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-10 14:36 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-10 14:36 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-10 10:49 - 2014-12-10 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-31 11:41 - 2014-10-08 18:45 - 00000000 ____D () C:\FRST
    2014-12-31 11:33 - 2012-04-05 17:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-31 11:31 - 2014-07-10 09:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-31 11:29 - 2013-01-14 21:43 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job
    2014-12-31 11:13 - 2014-11-24 20:12 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
    2014-12-31 11:13 - 2013-10-17 14:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job
    2014-12-31 11:09 - 2012-11-30 19:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job
    2014-12-31 10:54 - 2009-07-13 23:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-31 10:54 - 2009-07-13 23:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-31 10:52 - 2012-03-12 07:49 - 01893906 _____ () C:\Windows\WindowsUpdate.log
    2014-12-31 10:51 - 2012-12-26 09:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-31 10:50 - 2012-12-26 09:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-31 10:49 - 2014-11-23 22:13 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3903621085-115719457-3043737636-1000.job
    2014-12-31 10:48 - 2012-03-17 12:00 - 03652844 _____ () C:\Windows\PFRO.log
    2014-12-31 10:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-31 10:48 - 2009-07-13 23:56 - 00167280 _____ () C:\Windows\setupact.log
    2014-12-31 10:47 - 2013-11-05 11:56 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job
    2014-12-31 10:40 - 2012-05-14 10:39 - 00000000 ____D () C:\Users\Cook\Documents\Recipes
    2014-12-31 10:34 - 2014-11-28 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-31 10:33 - 2014-09-10 07:29 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-12-30 22:47 - 2013-11-05 11:56 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job
    2014-12-30 22:26 - 2012-06-01 06:07 - 00000278 __RSH () C:\Users\Anna\ntuser.pol
    2014-12-30 22:26 - 2012-05-31 20:48 - 00000000 ____D () C:\Users\Anna
    2014-12-30 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-30 14:13 - 2013-10-17 14:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job
    2014-12-30 13:29 - 2013-01-14 21:43 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job
    2014-12-28 22:07 - 2014-11-23 22:13 - 00003578 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3903621085-115719457-3043737636-1000
    2014-12-26 21:53 - 2014-03-31 14:23 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2014-12-26 21:53 - 2013-01-30 18:18 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
    2014-12-26 21:12 - 2012-04-03 09:06 - 00000000 ____D () C:\Users\Cook\AppData\Local\CrashDumps
    2014-12-26 21:12 - 2009-07-14 00:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-26 21:05 - 2012-03-19 14:45 - 00238225 _____ () C:\Windows\DirectX.log
    2014-12-26 21:03 - 2014-01-29 21:24 - 00000000 ____D () C:\Users\Cook\Documents\my games
    2014-12-22 19:48 - 2014-07-02 17:46 - 00000000 ____D () C:\Users\Cook\AppData\Local\wf-launcher
    2014-12-22 19:48 - 2014-07-02 17:46 - 00000000 ____D () C:\ProgramData\GFACE
    2014-12-22 16:39 - 2012-11-10 00:52 - 00000000 ____D () C:\Users\Anna\Documents\my games
    2014-12-22 14:52 - 2014-11-30 16:59 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Mozilla
    2014-12-22 11:48 - 2014-02-25 11:04 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\MediaMonkey
    2014-12-20 14:17 - 2014-05-09 14:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-12-20 12:04 - 2009-07-14 00:12 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-19 22:24 - 2014-03-31 14:23 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
    2014-12-19 15:42 - 2012-03-12 21:20 - 00000000 ____D () C:\Users\Cook\AppData\Local\Microsoft Help
    2014-12-18 19:49 - 2014-03-31 14:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-12-18 19:43 - 2013-01-30 18:18 - 00000000 ____D () C:\Users\Cook\AppData\Local\PunkBuster
    2014-12-16 07:54 - 2012-04-05 17:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-16 07:54 - 2012-04-05 17:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-16 07:54 - 2012-03-18 08:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-14 13:16 - 2014-08-13 17:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-13 04:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-13 03:17 - 2014-11-24 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-12 19:17 - 2012-04-25 16:59 - 00000000 ____D () C:\Users\Cook\Documents\Caroline
    2014-12-11 12:02 - 2014-08-12 19:31 - 00000000 ____D () C:\Users\Cook\Documents\Grand Connection
    2014-12-10 16:37 - 2014-05-07 22:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 16:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 14:49 - 2012-03-12 21:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 14:43 - 2013-08-15 08:10 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 14:43 - 2012-03-12 17:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-06 19:37 - 2009-07-14 00:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-04 15:36 - 2012-03-17 15:41 - 00000000 ____D () C:\Users\Cook\Documents\Finances
    2014-12-04 13:02 - 2012-10-07 20:15 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5055FE43-DE42-4BE4-85A3-253099ABBAFA}
    2014-12-02 19:15 - 2014-07-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 19:15 - 2014-07-10 07:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    Some content of TEMP:
    ====================
    C:\Users\Cook\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-30 13:11

    ==================== End Of Log ============================


    Here is the Additions log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
    Ran by Cook at 2014-12-31 11:42:50
    Running from C:\Users\Cook\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
    Aimersoft DRM Media Converter(Build 1.5.3.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
    Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
    Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
    Creative Vado AAC Codec (HKLM-x32\...\Creative Vado AAC Codec) (Version:  - Creative Technology Ltd)
    Creative Vado AAC Codec (x32 Version: 1.0.0.1 - Creative Technology Ltd) Hidden
    Creative Vado Effects Plugin (HKLM-x32\...\Creative Vado Effects Plugin) (Version:  - Creative Technology Ltd)
    Creative Vado Effects Plugin (x32 Version: 1.0.0.4 - Creative Technology Ltd) Hidden
    Creative Vado HD Codec (HKLM-x32\...\Creative Vado HD Codec) (Version:  - Creative Technology Ltd)
    Creative Vado HD Codec (x32 Version: 1.0.0.4 - Creative Technology Ltd) Hidden
    Creative Vado MP4 Reader (HKLM-x32\...\Creative Vado MP4 Reader) (Version:  - Creative Technology Ltd)
    Creative Vado MP4 Reader (x32 Version: 1.0.0.1 - Creative Technology Ltd) Hidden
    Crown Money Map™ Financial Software 2007 (HKLM-x32\...\Crown Money Map™ Financial Software 2007) (Version:  - Drake Software)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
    DataNumen CAB Repair v2.0 (HKLM-x32\...\DataNumen CAB Repair v2.0) (Version:  - )
    Extended Update (HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Talk Plugin (HKLM-x32\...\{51268A7D-4E1A-371A-9849-496D48930952}) (Version: 4.0.1.13525 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
    LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
    LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
    LeapFrog Tag Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
    Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13310.0 - Linksys LLC)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nancy Drew® - Ransom of the Seven Ships (HKLM-x32\...\293ec12e99f3074f00d74ea0052525fe) (Version:  - GameHouse)
    Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\{10A10C6C-FF5E-40B2-A343-8D69E24167DF}) (Version: 1.0.0 - Her Interactive, Inc.)
    Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version:  - )
    Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\{92D34E42-4C6F-11D5-A76D-006008D256FF}) (Version:  - )
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
    PlanetSide 2 (HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
    Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
    Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 5.1.26.18340 - LeapFrog)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
    Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
    WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
    WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
    Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cook\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3903621085-115719457-3043737636-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points  =========================

    21-12-2014 19:18:47 Installed DirectX
    22-12-2014 10:00:21 Windows Backup
    26-12-2014 18:41:03 Windows Update
    26-12-2014 21:03:33 Installed DirectX
    26-12-2014 21:05:20 Installed Microsoft Games for Windows - LIVE Redistributable
    28-12-2014 20:13:31 Installed DirectX
    29-12-2014 10:00:23 Windows Backup
    31-12-2014 09:25:25 Windows Update
    31-12-2014 10:32:47 avast! antivirus system restore point
    31-12-2014 10:34:10 Device Driver Package Install: Avast Network Service

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-10-21 16:11 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0186AA3E-4AD0-4A09-BB21-ABCE408306A5} - System32\Tasks\{670F3325-7BE6-4A76-92DF-5FA8CD7923A5} => pcalua.exe -a F:\Vado\Codec\MasterInstaller.exe -d F:\Vado\Codec
    Task: {0567508F-93E2-4D3E-974D-EE7A07D47597} - System32\Tasks\{CD381737-F1AC-4D66-96B8-9D5D386B59A5} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
    Task: {061F08D8-231A-40E3-835B-3AE8562AE698} - System32\Tasks\UpdaterEX => C:\Users\Cook\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {07B7F5BC-1099-4BA0-93D1-8B978D635B0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {1480D4FB-4040-46CF-8E19-662318E0998B} - System32\Tasks\{0A93DFAC-B0D1-4DB5-A5E5-85FE7C7F42EA} => pcalua.exe -a C:\PROGRA~2\DCABR\UNWISE.EXE -c C:\PROGRA~2\DCABR\INSTALL.LOG
    Task: {15DCFD1B-A1C9-486F-9431-B8952DF8367F} - System32\Tasks\{74A444BC-4340-499E-868F-1D15BF537506} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {1696DF10-72AD-4DF7-9B3E-E9D51DE31056} - System32\Tasks\{49A628DD-6265-4020-AD23-A7E2CDDB29C3} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
    Task: {1A7BED47-183E-412E-837D-4AB4EC99C1B9} - System32\Tasks\{3405CC94-F766-4134-82D3-E32443FEF478} => C:\Riot Games\League of Legends\lol.launcher.exe [2014-01-21] ()
    Task: {1F92D053-DC33-4D38-A9F9-75D61F85740C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
    Task: {215EC8DE-F90A-4DB2-B4FE-FABFAE157580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-28] (AVAST Software)
    Task: {26A07AC0-0345-4122-985E-F6264681D7D6} - System32\Tasks\{6F0D3D94-906D-4AAA-A87C-7837B24581E2} => pcalua.exe -a "C:\Program Files\Riot Games\League of Legends\AdobeAIRInstaller.exe" -d "C:\Program Files\Riot Games\League of Legends"
    Task: {32B7C75A-E289-431F-8F86-E022E3F47611} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
    Task: {35CD9E5E-E90E-4258-A074-248CAFBF96CD} - System32\Tasks\{CB6ED189-88AD-4888-801C-C20B96A781DE} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {37FACE48-ADC3-4C52-8F4C-71705E9238C4} - System32\Tasks\{CF201384-C62C-441A-B990-CA0C2D919E0C} => pcalua.exe -a "C:\Users\Cook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9V3CGXM\VCTRL_PCAPP_LA_3_01_12.exe" -d C:\Users\Cook\Desktop
    Task: {3847B1E1-4364-4BA0-9C88-05CD699EB161} - System32\Tasks\{5F0C3DB6-4558-4F98-B5B0-1DFAA1A30B4F} => D:\setup.exe
    Task: {3B6E3A5D-702F-4E77-8CE0-0688F68C43F5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {3C9ECDAC-90EE-43EB-ADDB-0801BB5E514D} - System32\Tasks\{04468A99-0F0E-4276-A773-51AE735203B1} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {3DE1C842-B127-45D1-856E-46059F9ACC41} - System32\Tasks\{2AA726C5-570E-4B43-A58B-0A00F5E73B7D} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {44B568F6-DEFA-43E6-A714-2A83C3EEA127} - System32\Tasks\IHSelfDeleteTASK => CMD
    Task: {467A3C42-A717-4E5F-B520-F3CC385423CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
    Task: {4C6DE079-8BA8-4E84-A817-5EDD7DEF5B95} - System32\Tasks\{CBD0E095-24FF-407F-8AAD-0294DBA4466C} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {4F64F838-7AA1-4511-B64B-FD744B14C146} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {4FEFC6CF-63D6-4856-9801-796C18BB0CEC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {538F1C20-570E-4BFE-9B97-303F7D147854} - System32\Tasks\{969886B2-B05A-4FFB-AF35-0C69EFA25B6F} => pcalua.exe -a "C:\Users\Cook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9V3CGXM\VCTRL_PCAPP_LA_2_01_04.exe" -d C:\Users\Cook\Desktop
    Task: {602D3590-ED53-4BD7-A2DB-10A964E0E5AC} - System32\Tasks\{FEE14B69-2D16-4B51-A7AC-7C473977018F} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {609238F3-6364-433F-8E14-1A9B9A68FAC4} - System32\Tasks\{4036AD12-363D-4006-8A2A-91D0BEC57787} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {62BDDDC2-65FE-4CCB-9E7A-655F38C3D19F} - System32\Tasks\{D609195A-4455-4649-BDC1-502BBC5302F7} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
    Task: {689283F8-E304-44B5-9C53-2B22956EAB0F} - System32\Tasks\{152D6EBC-6A18-44B8-9A31-14BD0EF331BF} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {68F2708C-62C9-4383-99B0-C872CC67A5E7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {6BA9CFF7-D1AD-46F8-96B9-E80F8DA6FBE2} - System32\Tasks\{1FA8C416-17EC-4FB7-B161-C072ACA4A276} => pcalua.exe -a "C:\Users\Cook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWCC9C6S\VADOHD_PCFW_US_1250.exe" -d C:\Users\Cook\Desktop
    Task: {6E1C0E5F-53AD-47DA-860F-1111D1D9C4A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated)
    Task: {6F5AEA4F-8344-42B1-BFDA-63C6C90FEBA6} - System32\Tasks\{3B8498EF-B367-491A-8B13-6860AB0ABC14} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
    Task: {75574723-FBC8-4F7C-B491-EB94B86699D8} - System32\Tasks\IHUninstallTrackingTASK => CMD
    Task: {7BC794D6-1874-455F-8DB3-3F342B2B4871} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {7C0D49BA-3208-4760-9749-3FA8F7FCAF24} - System32\Tasks\{7D2B6432-FEE3-4E73-89CB-5057CC2A3E95} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/17500
    Task: {7DDA757A-D2DE-497E-BB9D-D8A71EE574ED} - System32\Tasks\G2MUpdateTask-S-1-5-21-3903621085-115719457-3043737636-1000 => C:\Users\Cook\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {86720549-1B5F-4F00-BF82-F5C4C00BB818} - System32\Tasks\{AA711D5A-6621-4E2D-8457-08B9250C3D97} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
    Task: {8840D4B9-2429-4898-8082-6734D42A920F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {8935D378-381A-4397-A3A4-BFF0903D091A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
    Task: {8A97D6CD-9B3A-47D4-9D3E-06941D5076E4} - System32\Tasks\{57AE28E4-1C0C-4B88-A954-1AFE475BE456} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {8E847DE8-1F90-4BAD-8266-ED02AAB138AC} - System32\Tasks\{82656005-BACB-45E4-B655-3C3DD981F13A} => pcalua.exe -a "C:\Users\Cook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USBNR15X\startuplite-setup-1.07.exe" -d C:\Users\Cook\Desktop
    Task: {90209C33-0B9C-4E5A-8C6C-7AA15E2E7E93} - System32\Tasks\{2ECC5129-3BF9-4293-9E76-CA40451F8BB4} => C:\Riot Games\League of Legends\lol.launcher.exe [2014-01-21] ()
    Task: {990BD2CF-B714-4B8D-A4BF-D59AB00BC1EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
    Task: {A50BE196-E52E-4DAA-AFB0-F2D09CDAEE7B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
    Task: {A51877E8-1374-4E14-9051-912C10F76B00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {A577294A-4680-4650-A907-479A0E879584} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {A7D856F5-DF28-4469-8B33-D368F65DB2DD} - System32\Tasks\{A4E8E10D-F9D0-4E5C-92C9-B0571CB0F4A8} => C:\Program Files (x86)\CMMFS 2007\CMMFS.exe [2009-04-29] (Drake Software)
    Task: {ABE67491-86BE-44B3-8E32-3B00A3029AEF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {ADF2A7ED-A2D3-42BF-A1B4-BA938959EBA8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {AFAF9F5D-929F-4E3C-8563-F59E52C1DE76} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {B6B5C8B6-67F9-468C-85B2-69AAD0F34325} - System32\Tasks\{CDA147C7-5757-4ACE-AC12-AB463FEACCD2} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {BE7A5423-C8A4-4172-899C-3E6718C871B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {C0709A27-C2A1-4C13-A1D1-C1E17EE55A05} - System32\Tasks\{E39DAD56-6C8C-48E0-96B6-EEDAB2334392} => D:\setup.exe
    Task: {C349521D-C577-4F71-938E-7FAD07FB3F00} - System32\Tasks\{F4408956-B398-46A8-BBD8-5B32D7DF4CA3} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {C7D09327-C6CA-4C66-9FB8-FE9431B28864} - System32\Tasks\{0238960A-7697-484D-A371-75BB1DF83017} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {D0EB0EBD-F4AC-41F4-A9C0-F34EE480A433} - System32\Tasks\{0C6B7917-B247-49E4-B54F-36DCC36C784B} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
    Task: {D1D9D39F-9D56-42AD-982F-35CAC1CEA757} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
    Task: {D89B1964-BFA3-4AD8-B4EE-2A5C4379B725} - System32\Tasks\{21595B43-F850-491D-A723-850B0CCBBBE8} => C:\Users\Public\iPod Reset Utility\iPodResetUtility.exe [2012-06-08] ()
    Task: {D9095934-3FA6-4F9C-B1F4-8F97C66F70D2} - System32\Tasks\{E27C6BD7-98B3-4020-8B81-19028766A862} => pcalua.exe -a "C:\Users\Cook\Documents\My Spore Creations\792248d6ad421d577132c2b648bbed45_scc_trial_na.exe" -d "C:\Users\Cook\Documents\My Spore Creations"
    Task: {DB7B546D-404A-4EB9-8087-9E0084BF9D95} - System32\Tasks\{196856C3-82FF-4E30-A0CF-AA81D88363C8} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {DC8CB382-560A-47E1-8DFF-8739B1E1DCCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
    Task: {E0E0BAD2-C7EC-4BBA-8357-CE5E529B42EE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {ED657BA4-3D34-4C07-BD2B-C3C7D59520C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {EE565E85-F5DF-461A-B50C-60242006240B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {EFA548B6-17AA-4CB0-BDB0-60B299285123} - System32\Tasks\{5A249EEA-19E7-4454-9678-8EA11DA1DAC0} => D:\ICEAutoDisk1.exe
    Task: {F437B459-6480-4FC6-BF12-65DF8E917E02} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3903621085-115719457-3043737636-1000.job => C:\Users\Cook\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Cook\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2014-03-31 14:23 - 2014-12-18 19:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-12-06 19:46 - 2013-05-02 13:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
    2013-12-06 19:41 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
    2012-02-14 16:53 - 2012-02-14 16:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-12-31 09:14 - 2014-12-31 09:14 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123100\algo.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-05-08 19:21 - 2014-04-22 13:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
    2014-08-28 10:42 - 2014-06-04 09:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-08-28 10:42 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2014-11-28 13:06 - 2014-11-28 13:06 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-10 10:49 - 2014-12-10 10:49 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83800187.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83800187.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bsecure => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Bsecure => 2
    MSCONFIG\Services: BsecureAV => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LeapFrog Connect Device Service => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: UMVPFSrv => 2
    MSCONFIG\Services: VIAKaraokeService => 2
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3903621085-115719457-3043737636-500 - Administrator - Disabled)
    Anna (S-1-5-21-3903621085-115719457-3043737636-1007 - Limited - Enabled) => C:\Users\Anna
    Cook (S-1-5-21-3903621085-115719457-3043737636-1000 - Administrator - Enabled) => C:\Users\Cook
    Guest (S-1-5-21-3903621085-115719457-3043737636-501 - Limited - Disabled)
    Mike (S-1-5-21-3903621085-115719457-3043737636-1005 - Limited - Enabled) => C:\Users\Mike

    ==================== Faulty Device Manager Devices =============

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: avast! Firewall NDIS Filter Miniport
    Description: avast! Firewall NDIS Filter Miniport
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ALWIL Software
    Service: aswNdis
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/31/2014 10:49:12 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/31/2014 10:49:12 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/30/2014 10:39:53 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/30/2014 10:39:53 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/30/2014 10:27:50 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (12/30/2014 10:27:50 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (12/30/2014 10:26:22 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/30/2014 10:26:22 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path

    Error: (12/30/2014 09:00:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 10.0.9200.17183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1194

    Start Time: 01d0249d7e83afb8

    Termination Time: 5

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (12/30/2014 08:08:16 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
    Description: Prefs: Failed to get user path


    System errors:
    =============
    Error: (12/30/2014 08:21:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 1.191.1091.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.6.0305.00

        Source Path: 4.6.0305.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

    Error: (12/30/2014 00:55:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 1.191.1091.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.6.0305.00

        Source Path: 4.6.0305.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

    Error: (12/29/2014 08:42:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (12/29/2014 00:57:21 PM) (Source: volsnap) (EventID: 35) (User: )
    Description: The shadow copies of volume G: were aborted because the shadow copy storage failed to grow.

    Error: (12/20/2014 04:03:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (12/20/2014 02:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (12/20/2014 02:21:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (12/16/2014 03:51:43 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (12/16/2014 07:47:11 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (12/13/2014 03:23:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.


    Microsoft Office Sessions:
    =========================
    Error: (03/27/2014 07:55:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1753 seconds with 360 seconds of active time.  This session ended with a crash.

    Error: (03/03/2013 06:02:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 467 seconds with 240 seconds of active time.  This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
      Date: 2013-04-16 14:35:32.069
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-04-16 14:35:31.991
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
    Percentage of memory in use: 36%
    Total physical RAM: 8103.94 MB
    Available physical RAM: 5124.91 MB
    Total Pagefile: 16206.06 MB
    Available Pagefile: 13263.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:229.73 GB) NTFS
    Drive d: (NUTCRACKER_NTSC) (CDROM) (Total:6.48 GB) (Free:0 GB) UDF
    Drive g: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:68.43 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 422B6960)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #14 cook2465

    cook2465
    • Topic Starter


    Posted 31 December 2014 - 11:58 AM

    Oh - BTW - the avast scan is still running and was NOT complete before.  When it is, I'll repost the full log.  It still has a long way to go.



    #15 cook2465

    cook2465
    • Topic Starter


    Posted 31 December 2014 - 12:08 PM

    Here is the complete aswMBR log:

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2014-12-31 10:51:17
    -----------------------------
    10:51:17.054    OS Version: Windows x64 6.1.7601 Service Pack 1
    10:51:17.054    Number of processors: 4 586 0x2A07
    10:51:17.055    ComputerName: COOK-PC  UserName: Cook
    10:51:35.943    Initialize success
    10:51:36.016    VM: initialized successfully
    10:51:36.017    VM: Intel CPU BiosDisabled
    10:51:38.877    AVAST engine defs: 14123100
    10:52:52.655    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    10:52:52.658    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
    10:52:52.765    Disk 0 MBR read successfully
    10:52:52.769    Disk 0 MBR scan
    10:52:52.773    Disk 0 Windows 7 default MBR code
    10:52:52.785    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    10:52:52.792    Disk 0 default boot code
    10:52:52.805    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
    10:52:52.823    Disk 0 scanning C:\Windows\system32\drivers
    10:53:04.079    Service scanning
    10:53:27.025    Modules scanning
    10:53:27.038    Disk 0 trace - called modules:
    10:53:27.053    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:53:27.059    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc5060]
    10:53:27.063    3 CLASSPNP.SYS[fffff880019c443f] -> nt!IofCallDriver -> [0xfffffa800775d520]
    10:53:27.066    5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b11060]
    10:53:27.492    AVAST engine scan C:\Windows
    10:53:29.823    AVAST engine scan C:\Windows\system32
    10:59:00.657    AVAST engine scan C:\Windows\system32\drivers
    11:00:19.577    AVAST engine scan C:\Users\Cook
    11:08:10.238    Disk 0 MBR has been saved successfully to "C:\Users\Cook\Desktop\MBR.dat"
    11:08:10.258    The log file has been saved successfully to "C:\Users\Cook\Desktop\aswMBR.txt"
    11:09:24.900    Disk 0 statistics 3674149/0/0 @ 2.65 MB/s
    11:09:24.905    Scan stopped
    11:09:27.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    11:09:27.584    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
    11:09:27.601    Disk 0 MBR read successfully
    11:09:27.608    Disk 0 MBR scan
    11:09:27.613    Disk 0 Windows 7 default MBR code
    11:09:27.621    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    11:09:27.635    Disk 0 default boot code
    11:09:27.639    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
    11:09:27.643    Disk 0 scanning C:\Windows\system32\drivers
    11:09:27.646    Service scanning
    11:10:03.923    Modules scanning
    11:10:03.931    Disk 0 trace - called modules:
    11:10:03.947    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    11:10:03.952    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc5060]
    11:10:03.956    3 CLASSPNP.SYS[fffff880019c443f] -> nt!IofCallDriver -> [0xfffffa800775d520]
    11:10:03.961    5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b11060]
    11:10:18.920    AVAST engine scan C:\Windows
    11:10:35.838    AVAST engine scan C:\Windows\system32
    11:14:14.746    AVAST engine scan C:\Windows\system32\drivers
    11:14:42.186    AVAST engine scan C:\Users\Cook
    11:51:56.287    AVAST engine scan C:\ProgramData
    12:06:27.700    Disk 0 statistics 8496416/0/0 @ 1.40 MB/s
    12:06:27.710    Scan finished successfully
    12:06:44.589    Disk 0 MBR has been saved successfully to "C:\Users\Cook\Desktop\MBR.dat"
    12:06:44.626    The log file has been saved successfully to "C:\Users\Cook\Desktop\aswMBR.txt"
    12:07:38.223    Disk 0 MBR has been saved successfully to "C:\Users\Cook\Desktop\MBR.dat"
    12:07:38.227    The log file has been saved successfully to "C:\Users\Cook\Desktop\aswMBR - 2.txt"

     





